Overview of Progent's Ransomware Forensics Investigation and Reporting in Charleston
Progent's ransomware forensics consultants can capture the system state after a ransomware attack and carry out a detailed forensics investigation without slowing down activity related to business resumption and data restoration. Your Charleston organization can use Progent's post-attack forensics report to combat subsequent ransomware attacks, validate the cleanup of encrypted data, and meet insurance and regulatory reporting requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware assault's storyline across the network from beginning to end. This history of how a ransomware assault progressed within the network helps your IT staff to evaluate the impact and highlights weaknesses in policies or work habits that should be corrected to avoid later breaches. Forensic analysis is typically assigned a top priority by the cyber insurance provider and is often mandated by government and industry regulations. Since forensic analysis can be time consuming, it is vital that other key recovery processes such as operational resumption are executed in parallel. Progent has a large roster of IT and security experts with the knowledge and experience needed to perform activities for containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is arduous and requires close coordination with the teams focused on data recovery and, if needed, settlement negotiation with the ransomware attacker. Forensics can involve the examination of all logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to look for changes.
Services involved with forensics include:
- Detach all potentially affected devices from the system, but avoid shutting them off. This can require closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to protect your backups.
- Capture forensically valid digital images of all suspect devices so the file recovery group can proceed
- Preserve firewall, VPN, and additional key logs as soon as possible
- Establish the strain of ransomware involved in the assault
- Inspect each computer and data store on the system as well as cloud-hosted storage for indications of encryption
- Catalog all encrypted devices
- Establish the kind of ransomware used in the assault
- Study log activity and user sessions in order to establish the timeline of the ransomware assault and to spot any possible lateral migration from the first compromised system
- Understand the security gaps exploited to carry out the ransomware attack
- Look for the creation of executables surrounding the original encrypted files or system breach
- Parse Outlook PST files
- Examine attachments
- Extract URLs from messages and check to see whether they are malicious
- Produce detailed incident documentation to meet your insurance and compliance requirements
- Suggest recommended improvements to shore up security gaps and enforce workflows that reduce the risk of a future ransomware exploit
Progent's Qualifications
Progent has delivered remote and onsite network services throughout the U.S. for more than two decades and has been awarded Microsoft's Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's data security consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial and ERP applications. This scope of expertise gives Progent the ability to identify and integrate the surviving pieces of your information system following a ransomware assault and reconstruct them quickly into an operational network. Progent has collaborated with leading insurance providers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Charleston
To learn more about how Progent can assist your Charleston business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.