Progent's Ransomware Forensics Investigation and Reporting in Centennial
Progent's ransomware forensics experts can preserve the evidence of a ransomware attack and perform a comprehensive forensic analysis without interfering with the work of operational continuity and data restoration. Your Centennial organization can use Progent's post-attack ransomware forensics documentation to defend against future ransomware attacks, confirm the recovery of lost data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensic analysis aims to determine and describe the progression of the ransomware attack through the network from initial access to encryption. This audit trail of how the attack moved through the network helps you assess the damage and exposes weaknesses in policies or working practices that should be corrected to prevent future break-ins. Forensic analysis is commonly given top priority by the cyber insurance carrier and is often mandated by state and industry regulations. Because forensic analysis takes time, it is vital that other key activities such as operational resumption proceed in parallel. Progent has a large roster of IT and data security experts with the skills needed to carry out containment, operational continuity, and data recovery without disrupting the forensic work.
Ransomware forensic investigation is time consuming and requires close coordination with the groups responsible for data recovery and, if necessary, payment negotiations with the ransomware Threat Actor (TA). Forensics can involve the examination of all logs, the registry, GPOs, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and Windows endpoints to detect anomalies.
Services involved with forensics analysis include:
- Isolate all potentially compromised devices from the network without powering them off, since a shutdown destroys volatile evidence such as memory contents and active sessions. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-exposed NAS storage, resetting admin credentials and user passwords, and enabling two-factor authentication to protect backups.
- Preserve forensically sound duplicates (images) of all suspect devices so your file recovery group can start work on the copies rather than the originals
- Save firewall, virtual private network (VPN), and other critical logs as soon as possible, before log rotation or retention limits overwrite them
- Identify the kind of ransomware involved in the assault
- Examine every machine and storage device on the network including cloud storage for indications of compromise
- Inventory all encrypted devices
- Study logs and sessions to establish the timeline of the attack and to identify any lateral movement from the initially compromised machine
- Identify the attack vectors used to carry out the ransomware assault
- Look for newly introduced executables near the first encrypted files or the initial point of compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs from messages and determine if they are malicious
- Produce comprehensive attack documentation to satisfy your insurance and compliance mandates
- Document recommended improvements to close cybersecurity vulnerabilities and improve workflows that lower the exposure to a future ransomware breach
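The timeline and lateral-movement step above is the one that most often drives the rest of the report. The following is an added example of how that step can be worked, written for this page; it is not Progent's tooling or any product's code. The logon records and the IP-to-hostname inventory are constructed for the example, modelled on the fields of Windows Security event 4624 (successful logon); in a real investigation the same logic would run over event logs exported from every host and merged by timestamp.

```python
"""Timeline and lateral-movement reconstruction from remote logon events.

Added example, not Progent's tooling. SAMPLE_EVENTS and HOST_BY_IP are
constructed for illustration; the fields follow Windows Security event 4624.
"""
from datetime import datetime

# Constructed sample: five remote logons plus one local console logon (noise).
# logon_type 10 = RemoteInteractive (RDP); 3 = Network (SMB, WinRM, PsExec-style).
SAMPLE_EVENTS = [
    {"time": "2024-03-01T02:14:05", "host": "WS-117", "user": "jdoe",
     "src_ip": "203.0.113.7", "logon_type": 10},
    {"time": "2024-03-01T02:31:40", "host": "WS-117", "user": "jdoe",
     "src_ip": "127.0.0.1", "logon_type": 2},
    {"time": "2024-03-01T02:52:11", "host": "FS-01", "user": "svc_backup",
     "src_ip": "10.0.5.117", "logon_type": 3},
    {"time": "2024-03-01T03:05:48", "host": "DC-01", "user": "svc_backup",
     "src_ip": "10.0.5.117", "logon_type": 3},
    {"time": "2024-03-01T03:20:02", "host": "DC-01", "user": "Administrator",
     "src_ip": "10.0.5.117", "logon_type": 10},
    {"time": "2024-03-01T03:44:19", "host": "FS-02", "user": "Administrator",
     "src_ip": "10.0.5.1", "logon_type": 10},
]

# Constructed inventory (assumed to come from DHCP or AD records): internal IP -> hostname.
# Lets a logon's source address be attributed to a machine already in the chain.
HOST_BY_IP = {"10.0.5.117": "WS-117", "10.0.5.1": "DC-01", "10.0.5.20": "FS-01"}

REMOTE_LOGON_TYPES = {3, 10}


def parse_events(events):
    """Keep remote logons only, convert timestamps, and sort chronologically."""
    kept = [
        {**e, "time": datetime.fromisoformat(e["time"])}
        for e in events
        if e["logon_type"] in REMOTE_LOGON_TYPES
    ]
    return sorted(kept, key=lambda e: e["time"])


def first_external_logon(events):
    """Earliest remote logon from an address outside the inventory: the likely entry point."""
    for e in events:
        if e["src_ip"] not in HOST_BY_IP:
            return e
    return None


def lateral_movement_chain(events):
    """Walk remote logons in time order.

    Starting from the entry host, any logon whose source maps to an already
    compromised host marks the target as compromised too. Returns the
    patient-zero hostname and the ordered list of hops.
    """
    entry = first_external_logon(events)
    if entry is None:
        return None, []
    compromised = [entry["host"]]
    hops = []
    for e in events:
        src_host = HOST_BY_IP.get(e["src_ip"])
        if src_host in compromised and e["host"] not in compromised:
            hops.append({"time": e["time"], "from": src_host, "to": e["host"],
                         "user": e["user"], "logon_type": e["logon_type"]})
            compromised.append(e["host"])
    return entry["host"], hops


def attack_window(events):
    """First and last remote logon in the set: the bounds of the observed activity."""
    if not events:
        return None, None
    return events[0]["time"], events[-1]["time"]


def report(raw_events):
    """Summarise entry point, hop chain, affected hosts and time window for the written report."""
    events = parse_events(raw_events)
    entry = first_external_logon(events)
    zero, hops = lateral_movement_chain(events)
    start, end = attack_window(events)
    return {
        "patient_zero": zero,
        "entry_src_ip": entry["src_ip"] if entry else None,
        "hosts_to_image": ([zero] if zero else []) + [h["to"] for h in hops],
        "hops": [(h["time"].isoformat(), h["from"], h["to"], h["user"]) for h in hops],
        "window_hours": round((end - start).total_seconds() / 3600, 2) if start else None,
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

On the constructed data the chain runs WS-117 (RDP from an external address) to FS-01 and DC-01 over network logons with a backup service account, then from DC-01 to FS-02 as Administrator, which is the kind of hop sequence that tells the recovery team which hosts to image first and which credentials to reset. The local console logon is dropped because it cannot represent movement between machines.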
Progent has provided remote and onsite network services throughout the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded high-level certifications in foundation technologies including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers guidance in financial and ERP applications. This breadth of skills allows Progent to identify and consolidate the undamaged parts of your information system after a ransomware assault and reconstruct them quickly into a viable network. Progent has collaborated with top insurance carriers including Chubb to assist organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Centennial
To learn more about ways Progent can assist your Centennial business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.