Overview of Progent's Ransomware Forensics Analysis and Reporting in Centennial
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and carry out a comprehensive forensics investigation without slowing down activity required for operational continuity and data restoration. Your Centennial organization can utilize Progent's forensics documentation to block future ransomware attacks, assist in the recovery of lost data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics involves discovering and documenting the ransomware assault's progress across the targeted network from start to finish. This history of the way a ransomware attack progressed through the network helps your IT staff assess the impact and uncovers weaknesses in policies or work habits that need to be rectified to prevent future breaches. Forensic analysis is typically given top priority by the cyber insurance provider and is often required by government and industry regulations. Since forensic analysis can take time, it is vital that other key activities such as operational continuity are pursued concurrently. Progent maintains an extensive team of IT and data security professionals with the skills needed to perform activities for containment, business continuity, and data recovery without interfering with forensics.
A ransomware forensics investigation is time consuming and calls for close cooperation with the teams focused on data restoration and, if necessary, payment discussions with the ransomware attacker. Ransomware forensics typically requires the review of all logs, registry, GPO, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to check for anomalies.
Services associated with forensics include:
- Disconnect all possibly affected devices from the network, but avoid shutting them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to protect backups.
- Capture forensically sound duplicates of all suspect devices so your data restoration team can proceed
- Preserve firewall, VPN, and additional key logs as quickly as possible
- Determine the variety of ransomware used in the attack
- Survey every computer and data store on the system as well as cloud-hosted storage for signs of compromise
- Inventory all compromised devices
- Establish the type of ransomware involved in the assault
- Study logs and user sessions in order to establish the time frame of the attack and to spot any potential lateral movement from the first compromised system
- Understand the attack vectors used to perpetrate the ransomware assault
- Search for new executables associated with the original encrypted files or system breach
- Parse Outlook web archives
- Analyze attachments
- Extract URLs embedded in messages and check whether they are malicious
- Provide extensive incident reporting to satisfy your insurance and compliance requirements
- List recommendations to close security gaps and improve workflows that lower the risk of a future ransomware exploit
Progent's Qualifications
Progent has delivered online and onsite network services across the U.S. for over 20 years and has been awarded Microsoft's Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes consultants who have been awarded advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications including CISM, CISSP, and GIAC. Progent also offers guidance in financial and Enterprise Resource Planning application software. This scope of expertise gives Progent the ability to identify and integrate the surviving pieces of your IT environment following a ransomware assault and rebuild them rapidly into a viable network. Progent has worked with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Centennial
To find out more about how Progent can help your Centennial organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.