Overview of Progent's Ransomware Forensics and Reporting in Charleston
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and perform a detailed forensics analysis without impeding activity required for operational continuity and data recovery. Your Charleston business can utilize Progent's post-attack forensics report to block future ransomware attacks, validate the recovery of lost data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics is aimed at tracking and describing the ransomware attack's storyline throughout the network from start to finish. This history of the way a ransomware assault progressed within the network helps your IT staff evaluate the damage and uncovers gaps in policies or work habits that should be rectified to avoid future breaches. Forensics is commonly given a top priority by the insurance provider and is typically required by state and industry regulations. Since forensic analysis can be time-consuming, it is essential that other key recovery processes such as operational resumption are pursued concurrently. Progent maintains an extensive team of IT and security experts with the knowledge and experience required to carry out the work of containment, business resumption, and data restoration without disrupting forensics.
Ransomware forensics investigation is complex and calls for close interaction with the teams focused on data recovery and, if needed, settlement negotiation with the ransomware hacker. Forensics typically requires the review of all logs, registry, Group Policy Object, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for changes.
Services associated with forensics investigation include:
- Isolate all possibly impacted devices from the system without shutting them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, modifying admin credentials and user passwords, and setting up two-factor authentication to secure backups.
- Create forensically complete images of all suspect devices so your data recovery group can get started
- Preserve firewall, VPN, and other critical logs as soon as feasible
- Establish the kind of ransomware involved in the assault
- Inspect each machine and data store on the network including cloud-hosted storage for indications of encryption
- Inventory all encrypted devices
- Determine the type of ransomware used in the attack
- Study log activity and sessions to establish the timeline of the assault and to identify any potential lateral movement from the first infected machine
- Identify the security gaps exploited to carry out the ransomware attack
- Look for the creation of executables surrounding the original encrypted files or system compromise
- Parse Outlook web archives
- Analyze attachments
- Extract URLs from messages and determine whether they are malicious
- Produce detailed incident documentation to satisfy your insurance and compliance mandates
- Recommend improvements to shore up security vulnerabilities and enforce processes that lower the exposure to a future ransomware breach
Progent has delivered remote and on-premises IT services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in core technology platforms including Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned prestigious certifications such as CISM, CISSP, and CRISC. Progent also has top-tier support in financial and Enterprise Resource Planning application software. This broad array of expertise gives Progent the ability to identify and integrate the surviving parts of your IT environment after a ransomware assault and reconstruct them rapidly into an operational network. Progent has collaborated with leading insurance providers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Charleston
To learn more about how Progent can assist your Charleston organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.