Overview of Progent's Ransomware Forensics and Reporting in Chesapeake
Progent's ransomware forensics consultants can save the system state after a ransomware attack and carry out a comprehensive forensics investigation without interfering with the processes related to operational continuity and data recovery. Your Chesapeake organization can utilize Progent's post-attack forensics documentation to combat subsequent ransomware attacks, assist in the restoration of lost data, and meet insurance carrier and governmental mandates.
Ransomware forensics involves determining and describing the ransomware assault's storyline across the targeted network from beginning to end. This history of the way a ransomware assault travelled within the network helps you to assess the impact and uncovers shortcomings in policies or processes that should be corrected to prevent future breaches. Forensic analysis is commonly assigned a high priority by the cyber insurance carrier and is often required by government and industry regulations. Because forensics can be time consuming, it is vital that other key activities like operational continuity are performed in parallel. Progent has a large roster of IT and data security experts with the skills required to perform the work of containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics investigation is complex and requires close cooperation with the teams focused on data restoration and, if necessary, settlement negotiation with the ransomware Threat Actor (TA). Ransomware forensics typically requires reviewing all logs, the registry, GPO, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for variations.
Services associated with forensics include:
- Disconnect all potentially impacted devices from the network without shutting them down. This can involve closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to protect backups.
- Create forensically valid duplicates of all exposed devices so your file restoration group can proceed
- Preserve firewall, virtual private network, and additional key logs as quickly as possible
- Establish the kind of ransomware involved in the assault
- Inspect each machine and storage device on the system as well as cloud-hosted storage for indications of compromise
- Inventory all encrypted devices
- Determine the kind of ransomware used in the attack
- Study logs and user sessions to determine the timeline of the assault and to identify any possible lateral movement from the originally compromised machine
- Understand the security gaps used to carry out the ransomware attack
- Search for the creation of executables associated with the first encrypted files or network compromise
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs embedded in email messages and determine whether they are malicious
- Provide comprehensive attack reporting to satisfy your insurance and compliance requirements
- List recommended improvements to close cybersecurity vulnerabilities and improve processes that reduce the risk of a future ransomware exploit
Progent has provided remote and onsite IT services throughout the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, and GIAC. (Refer to Progent's certifications.) Progent also offers guidance on financial management and ERP applications. This breadth of skills allows Progent to salvage and consolidate the surviving pieces of your IT environment following a ransomware assault and reconstruct them quickly into a functioning system. Progent has worked with top cyber insurance carriers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Chesapeake
To find out more about how Progent can help your Chesapeake business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.