Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Centennial
Progent's ransomware forensics consultants can save the system state after a ransomware attack and carry out a detailed forensics investigation without impeding activity related to operational resumption and data restoration. Your Centennial business can use Progent's post-attack forensics documentation to combat future ransomware assaults, assist in the restoration of lost data, and comply with insurance and governmental mandates.
Ransomware forensics is aimed at discovering and describing the ransomware assault's progress across the targeted network from start to finish. This audit trail of the way a ransomware attack progressed within the network helps you to assess the impact and brings to light vulnerabilities in security policies or processes that should be rectified to prevent future breaches. Forensics is commonly given a top priority by the insurance carrier and is typically required by state and industry regulations. Because forensics can be time-consuming, it is critical that other important recovery processes like operational resumption are performed concurrently. Progent has a large team of information technology and cybersecurity professionals with the knowledge and experience needed to perform activities for containment, business resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics is complex and calls for close interaction with the teams responsible for data cleanup and, if needed, payment talks with the ransomware hacker. Ransomware forensics typically requires the examination of logs, registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Services involved with forensics include:
- Isolate, without shutting off, all potentially suspect devices from the system. This can involve closing all RDP ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and setting up 2FA to secure backups.
- Preserve forensically complete digital images of all suspect devices so the data restoration team can proceed
- Preserve firewall, VPN, and additional key logs as soon as possible
- Identify the kind of ransomware used in the assault
- Inspect each computer and storage device on the network as well as cloud-hosted storage for indications of encryption
- Inventory all encrypted devices
- Establish the type of ransomware used in the assault
- Review log activity and user sessions to determine the timeline of the assault and to identify any potential lateral migration from the first compromised system
- Understand the security gaps exploited to carry out the ransomware attack
- Look for the creation of executables surrounding the original encrypted files or system compromise
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs embedded in messages and determine whether they are malicious
- Produce comprehensive attack documentation to meet your insurance carrier's and compliance requirements
- Recommend improvements to close cybersecurity vulnerabilities and enforce workflows that reduce the risk of a future ransomware exploit
Progent has delivered online and onsite network services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have earned high-level certifications in foundation technologies including Cisco infrastructure, VMware, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications.) Progent also offers guidance in financial management and ERP applications. This breadth of skills allows Progent to salvage and integrate the undamaged parts of your IT environment following a ransomware assault and rebuild them rapidly into a viable system. Progent has collaborated with leading cyber insurance carriers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in Centennial
To learn more about how Progent can assist your Centennial organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.