Overview of Progent's Ransomware Forensics and Reporting in Charleston
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and perform a comprehensive forensics investigation without interfering with activity required for operational resumption and data restoration. Your Charleston organization can utilize Progent's post-attack ransomware forensics documentation to block future ransomware assaults, assist in the recovery of lost data, and meet insurance carrier and regulatory requirements.
Ransomware forensics involves determining and describing the ransomware attack's progress across the network from beginning to end. This audit trail of how the attack progressed within the network helps your IT staff evaluate the damage and highlights vulnerabilities in security policies or work habits that need to be corrected to prevent later breaches. Forensics is usually given a top priority by the insurance carrier and is typically required by government and industry regulations. Since forensics can take time, it is critical that other important recovery processes such as operational continuity are executed concurrently. Progent has a large roster of information technology and cybersecurity experts with the knowledge and experience needed to perform containment, business continuity, and data recovery without disrupting forensics.
Ransomware forensics investigation is complicated and requires close interaction with the groups responsible for file cleanup and, if necessary, settlement talks with the ransomware hacker. Ransomware forensics can require the examination of logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for anomalies.
Activities associated with forensics analysis include:
- Disconnect all possibly impacted devices from the network, but avoid powering them off so volatile evidence is preserved. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and setting up two-factor authentication to guard your backups.
- Make forensically complete duplicates of all suspect devices so the data recovery team can get started
- Preserve firewall, VPN, and other key logs as soon as possible
- Determine the type of ransomware involved in the assault
- Inspect each computer and storage device on the network as well as cloud-hosted storage for signs of encryption
- Catalog all encrypted devices
- Review logs and user sessions in order to determine the time frame of the ransomware attack and to identify any potential lateral movement from the first compromised machine
- Identify the security gaps exploited to carry out the ransomware attack
- Look for new executables created around the time of the original file encryption or system compromise
- Parse Outlook web archives
- Examine attachments
- Extract any URLs from email messages and determine whether they are malicious
- Provide detailed attack reporting to meet your insurance carrier and compliance regulations
- Suggest recommendations to close security gaps and enforce processes that lower the risk of a future ransomware exploit
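As an added illustration (not Progent's code or methodology), the following Python triage helper carries out three of the steps above on a constructed file inventory: it catalogs encrypted files by byte entropy, derives the encryption time frame from their timestamps, and flags executables modified shortly before or during that window. The sample records, the 7.5 bits/byte entropy threshold and the one-hour lookback are assumptions chosen for the example.

```python
import math
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample inventory standing in for metadata pulled from a forensic image.
# Each record: path, last-modified time, and a sample of the file's leading bytes.
SAMPLE_FILES = [
    {"path": r"C:\Users\alice\Documents\budget.xlsx", "mtime": datetime(2024, 3, 2, 1, 14),
     "data": b"Quarterly budget, cost center 4412, approved\n" * 8},
    {"path": r"C:\Users\alice\Documents\budget.xlsx.locked", "mtime": datetime(2024, 3, 2, 1, 22),
     "data": bytes(range(256)) * 4},                      # uniform bytes: entropy 8.0
    {"path": r"C:\Users\alice\Pictures\holiday.jpg.locked", "mtime": datetime(2024, 3, 2, 1, 25),
     "data": bytes(range(256)) * 4},
    {"path": r"C:\ProgramData\update_helper.exe", "mtime": datetime(2024, 3, 2, 1, 9),
     "data": b"MZ\x90\x00" + b"\x00" * 60},                # PE header, dropped 13 min before encryption
    {"path": r"C:\Windows\System32\notepad.exe", "mtime": datetime(2019, 12, 7, 9, 8),
     "data": b"MZ\x90\x00" + b"\x00" * 60},                # legitimate, old timestamp
    {"path": r"C:\Users\alice\Downloads\invoice.pdf", "mtime": datetime(2024, 2, 20, 16, 2),
     "data": b"%PDF-1.4 invoice for services rendered, net 30\n" * 6},
]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted or compressed content approaches 8.0, text stays well below."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def catalog_encrypted(files, threshold=7.5):
    """Step 'catalog all encrypted files': paths whose content entropy exceeds the threshold."""
    return [f["path"] for f in files if shannon_entropy(f["data"]) >= threshold]

def encryption_window(files, threshold=7.5):
    """Step 'determine the time frame': earliest and latest mtime among encrypted files."""
    times = [f["mtime"] for f in files if shannon_entropy(f["data"]) >= threshold]
    return (min(times), max(times)) if times else None

def executables_near_window(files, window, lookback=timedelta(hours=1)):
    """Step 'look for new executables': PE files (MZ header) modified within the
    lookback period before the first encryption or during the encryption window."""
    start, end = window
    return [f["path"] for f in files
            if f["data"][:2] == b"MZ" and start - lookback <= f["mtime"] <= end]

if __name__ == "__main__":
    window = encryption_window(SAMPLE_FILES)
    print("Encrypted:", catalog_encrypted(SAMPLE_FILES))
    print("Window:", window)
    print("Suspect executables:", executables_near_window(SAMPLE_FILES, window))
```

Against a real image the same logic would run over hashes and timestamps exported from the forensic copy rather than an inline list, and the flagged executables would be cross-checked against known-good software inventories before being treated as the ransomware binary.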
Progent has provided online and on-premises network services throughout the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes consultants who have been awarded high-level certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and ERP application software. This scope of skills gives Progent the ability to identify and integrate the undamaged parts of your information system after a ransomware attack and reconstruct them rapidly into an operational system. Progent has collaborated with top insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Charleston
To learn more about ways Progent can help your Charleston business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.