Overview of Progent's Ransomware Forensics and Reporting in Charleston
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and perform a comprehensive forensics investigation without slowing down activity required for operational continuity and data recovery. Your Charleston business can use Progent's post-attack ransomware forensics report to counter subsequent ransomware attacks, assist in the recovery of lost data, and meet insurance and regulatory mandates.
Ransomware forensics is aimed at discovering and describing the ransomware assault's storyline throughout the network from beginning to end. This history of the way a ransomware attack travelled within the network helps your IT staff assess the impact and highlights shortcomings in security policies or processes that need to be rectified to avoid later breaches. Forensic analysis is typically assigned a top priority by the cyber insurance carrier and is often mandated by government and industry regulations. Since forensic analysis can be time-consuming, it is essential that other important recovery processes such as operational continuity are performed concurrently. Progent maintains a large team of information technology and security professionals with the knowledge and experience required to carry out the work of containment, business continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is complex and requires close coordination with the teams assigned to data cleanup and, if needed, settlement negotiation with the ransomware hacker. Ransomware forensics can require the review of logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Activities involved with forensics analysis include:
- Isolate all possibly suspect devices from the network, but avoid shutting them off. This may involve closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing 2FA to secure your backups.
- Capture forensically valid duplicates of all suspect devices so your file recovery team can get started
- Preserve firewall, VPN, and additional critical logs as quickly as possible
- Identify the strain of ransomware involved in the assault
- Examine each machine and storage device on the network including cloud storage for signs of encryption
- Catalog all compromised devices
- Determine the type of ransomware involved in the attack
- Review logs and user sessions to establish the timeline of the ransomware attack and to identify any potential lateral movement from the originally compromised system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the original encrypted files or network compromise
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs from messages and check to see whether they are malicious
- Produce detailed attack reporting to satisfy your insurance carrier and compliance regulations
- List recommendations to close security vulnerabilities and improve processes that reduce the exposure to a future ransomware breach
Progent has delivered online and on-premises network services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technology platforms such as Cisco networking, VMware, and major Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications including CISA, CISSP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning application software. This breadth of skills allows Progent to identify and consolidate the surviving pieces of your network following a ransomware intrusion and reconstruct them quickly into an operational network. Progent has collaborated with top insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Charleston
To learn more about ways Progent can assist your Charleston organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.