Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Chesapeake
Progent's ransomware forensics experts can save the system state after a ransomware attack and perform a detailed forensics analysis without disrupting activity related to operational resumption and data restoration. Your Chesapeake business can use Progent's post-attack ransomware forensics report to counter future ransomware assaults, validate the cleanup of encrypted data, and meet insurance and governmental reporting requirements.
Ransomware forensics involves tracking and describing the ransomware assault's storyline across the targeted network from beginning to end. This audit trail of the way a ransomware attack progressed within the network helps you to assess the impact and highlights vulnerabilities in security policies or processes that should be corrected to prevent future break-ins. Forensic analysis is usually given a high priority by the cyber insurance provider and is often required by government and industry regulations. Because forensics can be time consuming, it is critical that other important activities such as business continuity are executed concurrently. Progent maintains a large roster of information technology and data security experts with the knowledge and experience required to carry out the work of containment, business resumption, and data recovery without interfering with forensic analysis.
A ransomware forensics investigation is time consuming and calls for close interaction with the teams focused on file cleanup and, if needed, payment discussions with the ransomware attacker. Ransomware forensics can require reviewing logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to look for unexpected changes.
Services associated with forensics analysis include:
- Disconnect all possibly suspect devices from the network, but avoid shutting them off, since powering down destroys volatile evidence such as memory contents. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to protect backups
- Create forensically valid copies of all exposed devices so the data restoration team can get started
- Preserve firewall, virtual private network, and additional critical logs as soon as feasible
- Establish the type of ransomware involved in the assault
- Inspect each computer and storage device on the system including cloud-hosted storage for signs of encryption
- Inventory all encrypted devices
- Review log activity and user sessions to establish the timeline of the ransomware attack and to identify any potential lateral movement from the originally infected machine
- Understand the security gaps used to perpetrate the ransomware assault
- Look for new executables surrounding the original encrypted files or network breach
- Parse Outlook PST files
- Examine attachments
- Extract URLs embedded in messages and check whether they are malicious
- Provide comprehensive incident documentation to satisfy your insurance carrier and compliance mandates
- Recommend improvements to close cybersecurity gaps and improve workflows that reduce the risk of a future ransomware exploit
Progent has provided remote and onsite network services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have earned advanced certifications in foundation technologies such as Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP, and GIAC. Progent also has top-tier support in financial and Enterprise Resource Planning applications. This broad array of expertise allows Progent to identify and consolidate the undamaged pieces of your IT environment after a ransomware attack and reconstruct them quickly into a functioning system. Progent has worked with leading insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Services in Chesapeake
To learn more about how Progent can assist your Chesapeake business with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.