Overview of Progent's Ransomware Forensics and Reporting Services in Chandler
Progent's ransomware forensics consultants can capture the evidence of a ransomware assault and perform a detailed forensics investigation without interfering with the processes required for business resumption and data restoration. Your Chandler business can use Progent's post-attack ransomware forensics report to combat future ransomware attacks, validate the restoration of lost data, and meet insurance carrier and governmental requirements.
Ransomware forensics investigation is aimed at discovering and describing the ransomware attack's storyline throughout the network from beginning to end. This audit trail of how a ransomware attack travelled through the network helps your IT staff evaluate the impact and highlights shortcomings in security policies or work habits that should be rectified to avoid later break-ins. Forensics is usually assigned a high priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Because forensic analysis can be time consuming, it is essential that other key activities like business resumption are performed concurrently. Progent has an extensive roster of IT and cybersecurity professionals with the knowledge and experience needed to carry out the work of containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics investigation is complicated and requires close interaction with the teams focused on data recovery and, if needed, payment negotiation with the ransomware hacker. Ransomware forensics typically involves the review of all logs, registry, GPO, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and basic Windows systems to detect changes.
Services associated with forensics investigation include:
- Isolate all potentially impacted devices from the system without shutting them down. This may require closing all RDP ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and configuring two-factor authentication to protect backups.
- Create forensically valid images of all suspect devices so your data restoration team can get started
- Preserve firewall, virtual private network, and other key logs as quickly as feasible
- Establish the kind of ransomware involved in the attack
- Inspect each computer and data store on the system including cloud-hosted storage for signs of encryption
- Inventory all encrypted devices
- Review log activity and user sessions in order to determine the timeline of the assault and to identify any potential lateral movement from the first compromised system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Search for new executables surrounding the original encrypted files or system compromise
- Parse Outlook web archives
- Examine attachments
- Extract URLs from messages and check whether they are malicious
- Provide comprehensive attack reporting to satisfy your insurance and compliance requirements
- List recommendations to shore up security vulnerabilities and enforce workflows that lower the risk of a future ransomware breach
Progent has delivered online and on-premises network services throughout the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have earned advanced certifications in core technology platforms including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications such as CISA, CISSP, and GIAC. (See Progent's certifications). Progent also has top-tier support in financial management and ERP application software. This breadth of skills gives Progent the ability to identify and integrate the surviving parts of your information system after a ransomware intrusion and reconstruct them quickly into an operational system. Progent has collaborated with leading cyber insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Chandler
To find out more about how Progent can assist your Chandler organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.