Overview of Progent's Ransomware Forensics Investigation and Reporting in Charlotte
Progent's ransomware forensics experts can preserve the evidence of a ransomware assault and perform a detailed forensics analysis without interfering with the processes related to operational continuity and data recovery. Your Charlotte organization can use Progent's ransomware forensics report to combat subsequent ransomware assaults, validate the restoration of encrypted data, and comply with insurance carrier and regulatory mandates.
Ransomware forensics is aimed at determining and describing the ransomware attack's storyline across the targeted network from start to finish. This audit trail of how a ransomware attack progressed within the network helps you evaluate the impact and uncovers weaknesses in security policies or work habits that should be rectified to prevent later breaches. Forensics is commonly given a high priority by the cyber insurance carrier and is typically required by state and industry regulations. Because forensics can be time consuming, it is essential that other important recovery processes such as business continuity are performed in parallel. Progent has an extensive roster of IT and cybersecurity professionals with the knowledge and experience needed to carry out containment, operational resumption, and data restoration without disrupting forensics.
Ransomware forensics analysis is arduous and requires close interaction with the groups assigned to data recovery and, if needed, settlement discussions with the ransomware Threat Actor (TA). Ransomware forensics can require the examination of all logs, registry, Group Policy Object (GPO), Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to check for changes.
Activities involved with forensics investigation include:
- Disconnect all potentially impacted devices from the network without powering them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and setting up two-factor authentication to guard backups.
- Copy forensically sound images of all suspect devices so your file recovery group can proceed
- Preserve firewall, virtual private network, and other key logs as quickly as possible
- Establish the strain of ransomware used in the attack
- Survey each machine and data store on the system as well as cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Determine the kind of ransomware used in the attack
- Review log activity and sessions in order to establish the timeline of the ransomware assault and to spot any possible lateral migration from the first infected machine
- Identify the attack vectors used to carry out the ransomware attack
- Look for executables created around the time of the first encrypted files or the initial network compromise
- Parse Outlook PST files
- Examine attachments
- Extract URLs embedded in messages and check to see if they are malicious
- Provide comprehensive attack reporting to meet your insurance carrier and compliance mandates
- Recommend improvements to close security gaps and adjust workflows so as to reduce the risk of a future ransomware attack
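As an added illustration of the log-review steps above (example code written for this page, not Progent's own tooling), the Python below takes constructed, simplified logon and process-creation records, orders them into a timeline, locates the first ransom-note write, lists executables created on that host shortly before it, and follows RDP logons outward from it to flag lateral movement. The key=value log format, event IDs and host names are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample log (not from a real incident): simplified key=value lines modelled
# on Windows logon (4624), process-creation (4688) and file-access (4663) events.
SAMPLE_LOG = """\
2024-03-02T01:12:05Z host=WS07 event=4624 logon_type=10 user=jsmith src=VPN-GW
2024-03-02T01:40:11Z host=WS07 event=4688 process=svchost32.exe
2024-03-02T02:05:40Z host=FS01 event=4624 logon_type=10 user=jsmith src=WS07
2024-03-02T02:07:02Z host=FS01 event=4624 logon_type=10 user=svc_backup src=WS07
2024-03-02T02:30:15Z host=DC01 event=4624 logon_type=10 user=svc_backup src=FS01
2024-03-02T02:31:00Z host=WS12 event=4624 logon_type=2 user=alice src=WS12
2024-03-02T02:58:30Z host=WS07 event=4688 process=locker.exe
2024-03-02T03:10:00Z host=WS07 event=4663 file=README_TO_DECRYPT.txt
"""

def parse_event(line):
    """One 'timestamp key=value ...' line -> dict; None for blank or incomplete lines."""
    parts = line.split()
    if len(parts) < 2 or "=" in parts[0]:
        return None
    ev = dict(tok.split("=", 1) for tok in parts[1:] if "=" in tok)
    ev["ts"] = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def build_timeline(log_text):
    """Every parsable event, ordered by time regardless of collection order."""
    return sorted(filter(None, map(parse_event, log_text.splitlines())), key=lambda e: e["ts"])

def first_encryption(events):
    """Earliest ransom-note write (4663 on a README* file) -> (ts, host), or None."""
    notes = [e for e in events
             if e.get("event") == "4663" and e.get("file", "").startswith("README")]
    return (notes[0]["ts"], notes[0]["host"]) if notes else None

def executables_before(events, host, before, window=timedelta(hours=2)):
    """Process names created on `host` in the window leading up to `before`."""
    return [e["process"] for e in events
            if e["host"] == host and e.get("event") == "4688"
            and before - window <= e["ts"] <= before]

def trace_lateral_movement(events, patient_zero):
    """Follow RDP logons (4624, logon type 10) outward from patient_zero -> (hops, hosts reached)."""
    reached, hops = {patient_zero}, []
    for e in events:
        if e.get("event") == "4624" and e.get("logon_type") == "10":
            src, dst = e.get("src"), e["host"]
            if src in reached and dst not in reached:   # a new host entered from a compromised one
                reached.add(dst)
                hops.append((e["ts"], src, dst, e.get("user")))
    return hops, reached
```

Real investigations feed this kind of logic from exported Security event logs, VPN and firewall logs rather than a single text file, but the timeline-then-follow-the-sessions approach is the same.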
Progent's Background
Progent has delivered online and on-premises IT services throughout the United States for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware, and major Linux distros. Progent's data security consultants have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and ERP applications. This scope of expertise allows Progent to salvage and consolidate the surviving pieces of your IT environment following a ransomware attack and reconstruct them rapidly into a viable system. Progent has collaborated with leading cyber insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Charlotte
To learn more about how Progent can help your Charlotte business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.