Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Chesapeake
Progent's ransomware forensics experts can save the system state after a ransomware assault and perform a comprehensive forensics investigation without interfering with activity required for business continuity and data restoration. Your Chesapeake business can use Progent's post-attack forensics documentation to counter future ransomware attacks, validate the restoration of encrypted data, and meet insurance and governmental mandates.
Ransomware forensics investigation involves discovering and documenting the ransomware assault's progress throughout the network from start to finish. This history of the way a ransomware attack travelled within the network helps you to assess the damage and brings to light vulnerabilities in policies or processes that need to be rectified to avoid later breaches. Forensics is typically assigned a top priority by the cyber insurance provider and is typically mandated by government and industry regulations. Because forensic analysis can take time, it is critical that other important activities such as business resumption are performed concurrently. Progent maintains a large roster of IT and data security experts with the skills needed to carry out the work of containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics investigation is arduous and requires close interaction with the teams responsible for file restoration and, if needed, payment negotiations with the attacker. Ransomware forensics can require examining logs, the registry, GPO, Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows systems to detect changes.
Services associated with forensics include:
- Isolate all potentially impacted devices from the system without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to guard backups.
- Capture forensically complete duplicates of all suspect devices so your file recovery group can get started
- Preserve firewall, virtual private network, and other key logs as quickly as possible
- Identify the variety of ransomware involved in the attack
- Inspect each computer and data store on the network as well as cloud storage for signs of compromise
- Inventory all compromised devices
- Determine the type of ransomware used in the attack
- Review log activity and user sessions in order to determine the timeline of the ransomware attack and to identify any potential lateral movement from the originally compromised system
- Understand the attack vectors used to carry out the ransomware attack
- Search for new executables surrounding the first encrypted files or system breach
- Parse Outlook PST files
- Examine email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Provide detailed attack reporting to meet your insurance carrier and compliance requirements
- Document recommended improvements to close security vulnerabilities and enforce workflows that lower the risk of a future ransomware breach
Progent's Qualifications
Progent has delivered online and onsite IT services across the U.S. for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in core technologies including Cisco networking, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications such as CISA, CISSP, and CRISC. Progent also has expertise in financial and Enterprise Resource Planning application software. This breadth of expertise gives Progent the ability to identify and consolidate the undamaged pieces of your IT environment following a ransomware intrusion and reconstruct them quickly into a viable network. Progent has collaborated with top insurance providers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Chesapeake
To find out more about ways Progent can assist your Chesapeake organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.