Overview of Progent's Ransomware Forensics Investigation and Reporting in Clearwater
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and perform a detailed forensics analysis without interfering with activity related to operational resumption and data recovery. Your Clearwater business can utilize Progent's ransomware forensics documentation to block subsequent ransomware attacks, validate the restoration of lost data, and meet insurance and governmental requirements.
Ransomware forensics investigation is aimed at discovering and documenting the ransomware attack's progress throughout the targeted network from beginning to end. This history of how a ransomware attack travelled through the network assists your IT staff to assess the damage and highlights gaps in policies or work habits that should be rectified to avoid later break-ins. Forensic analysis is usually given a top priority by the cyber insurance carrier and is often mandated by state and industry regulations. Since forensics can take time, it is essential that other important recovery processes such as operational continuity are pursued concurrently. Progent maintains a large team of information technology and data security professionals with the skills needed to carry out the work of containment, business resumption, and data restoration without interfering with forensics.
Ransomware forensics analysis is arduous and requires close cooperation with the teams focused on file cleanup and, if necessary, settlement negotiation with the ransomware attacker. Forensics typically involves reviewing all logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows system components to detect changes.
Activities associated with forensics analysis include:
- Disconnect all possibly impacted devices from the network, but avoid shutting them down, so that volatile evidence in memory is preserved. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to protect your backups.
- Preserve forensically sound images of all suspect devices so your data restoration group can proceed.
- Preserve firewall, virtual private network, and other critical logs as quickly as feasible
- Identify the version of ransomware involved in the attack
- Examine each computer and storage device on the system including cloud storage for signs of encryption
- Inventory all encrypted devices
- Determine the type of ransomware involved in the assault
- Review log activity and user sessions to establish the timeline of the ransomware attack and to spot any lateral movement from the initially compromised machine to other hosts
- Identify the attack vectors exploited to perpetrate the ransomware attack
- Look for new executables associated with the original encrypted files or system compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract URLs embedded in messages and determine whether they point to malware
- Produce extensive incident documentation to satisfy your insurance and compliance regulations
- Suggest recommendations to shore up security vulnerabilities and improve processes that reduce the exposure to a future ransomware exploit
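The timeline and lateral-movement step above, as an added illustration that is not Progent's code or method: it parses constructed logon records in the style of Windows 4624 events, orders them, and flags remote logons that originate from a host already known to be compromised. The log format, the host inventory and the patient-zero host are assumptions for the example.

```python
"""Build an incident timeline from logon events and flag lateral movement.

Constructed sample records (not real logs) mimic Windows 4624 successful-logon
events exported as key=value text. Logon type 10 is RemoteInteractive (RDP) and
type 3 is a network logon (SMB/admin shares); both are common host-to-host paths.
"""
from collections import namedtuple
from datetime import datetime
import re

Event = namedtuple("Event", "ts host user src logon_type")

# Constructed sample: patient zero WS07 is reached from an external address, then
# WS07 logs on to FS01 and DC01, and FS01 in turn reaches BACKUP01.
SAMPLE_LOG = """\
2024-03-02T01:12:04Z host=WS07 event=4624 logon_type=10 user=j.doe src=203.0.113.9
2024-03-02T01:30:41Z host=FS01 event=4624 logon_type=3 user=svc_backup src=10.0.0.17
2024-03-02T01:32:10Z host=DC01 event=4624 logon_type=10 user=Administrator src=10.0.0.17
2024-03-02T01:45:55Z host=BACKUP01 event=4624 logon_type=3 user=svc_backup src=10.0.0.21
2024-03-02T02:10:00Z host=WS12 event=4624 logon_type=2 user=a.smith src=-
"""

# Constructed host inventory (assumed to come from the asset list): address -> host.
HOST_BY_IP = {"10.0.0.17": "WS07", "10.0.0.21": "FS01", "10.0.0.30": "DC01"}

LINE_RE = re.compile(r"(\S+) host=(\S+) event=4624 logon_type=(\d+) user=(\S+) src=(\S+)")


def parse_events(text):
    """Parse successful-logon lines into Events, sorted chronologically."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other event types are ignored for this view
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m.group(2), m.group(4), m.group(5), int(m.group(3))))
    return sorted(events, key=lambda e: e.ts)


def lateral_moves(events, patient_zero):
    """Return (time, from_host, to_host, user) for remote logons whose source is a
    host already in the compromised set; the set starts at patient_zero and grows
    as each newly reached host is added, so chained hops are followed."""
    compromised = {patient_zero}
    moves = []
    for e in events:
        if e.logon_type not in (3, 10):
            continue  # local/interactive logons are not host-to-host movement
        src_host = HOST_BY_IP.get(e.src)
        if src_host in compromised and e.host != src_host:
            moves.append((e.ts.isoformat(), src_host, e.host, e.user))
            compromised.add(e.host)
    return moves
```

Each flagged hop names the account used, which feeds directly into the credential-reset and backup-protection steps listed above.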
Progent has delivered online and on-premises network services across the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes professionals who have been awarded advanced certifications in core technology platforms such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISM, CISSP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also has expertise in financial and Enterprise Resource Planning applications. This broad array of expertise allows Progent to identify and consolidate the surviving pieces of your network after a ransomware intrusion and rebuild them quickly into an operational system. Progent has collaborated with leading cyber insurance carriers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Clearwater
To find out more information about how Progent can help your Clearwater business with ransomware forensics, call 1-800-993-9400 or see Contact Progent.