Progent's Ransomware Forensics Investigation and Reporting in Chicago
Progent's ransomware forensics experts can preserve the system state after a ransomware attack and perform a comprehensive forensic analysis without interfering with the processes related to business resumption and data recovery. Your Chicago business can use Progent's post-attack forensics documentation to counter future ransomware attacks, assist in the recovery of encrypted data, and comply with insurance carrier and governmental mandates.
Ransomware forensics involves discovering and documenting the attack's progress across the targeted network from beginning to end. This history of how the attack moved through the network helps you evaluate the impact and brings to light shortcomings in rules or processes that should be rectified to prevent later break-ins. Forensic analysis is commonly assigned a high priority by the insurance provider and is typically mandated by state and industry regulations. Because forensics can take time, it is essential that other important recovery processes like business resumption are pursued in parallel, without destroying evidence. Progent maintains a large roster of information technology and security professionals with the skills required to perform the work of containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is complicated and requires close interaction with the groups responsible for data restoration and, if necessary, payment negotiation with the ransomware Threat Actor (TA). Ransomware forensics typically requires examining logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows components to look for unauthorized changes.
Services involved with forensics investigation include:
- Isolate all possibly compromised devices from the network, but do not power them off: shutting down destroys volatile evidence such as memory contents and active sessions. Isolation typically includes blocking Internet-facing RDP and NAS exposure, rotating administrative credentials and user passwords, and enabling 2FA on backup systems so the attacker cannot reach them.
- Capture forensically sound images of all suspect devices so that your data restoration team can get started while the original evidence remains intact
- Preserve firewall, VPN, and other key logs as soon as possible, before retention windows roll them over
- Determine the type of ransomware used in the attack
- Survey every machine and storage device on the network, including cloud-hosted storage, for indicators of compromise
- Inventory all compromised devices
- Review logs and sessions to establish the timeline of the attack and to spot any lateral movement from the first infected machine
- Identify the attack vectors used to carry out the ransomware attack
- Search for executables created around the time of the first encrypted files or the initial network compromise
- Parse Outlook web archives
- Examine email attachments
- Extract URLs embedded in messages and check whether they lead to malicious content
- Provide detailed attack reporting to meet your insurance carrier and compliance requirements
- Suggest recommendations to close cybersecurity gaps and enforce processes that lower the risk of a future ransomware breach
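The timeline step above (reviewing logs to find the first infected machine, lateral movement, and the executables staged before encryption) is the part of the list that is mechanical enough to script. The following is an added example, not Progent's tooling or part of the original page. It reads a constructed JSON-lines export of Windows Security and Sysmon events (field names, the host-to-IP inventory, and the ransom note and extension markers are all assumptions of this example; the event IDs 4624, 4688, 7045 and Sysmon 11 are the standard ones) and reconstructs initial access, lateral hops, staged binaries and the first encryption artifact. Note that the host where encryption is first observed (the file server) is not the host where the intrusion began (the workstation reached over RDP), which is exactly the distinction a forensic timeline has to make.

```python
"""Reconstruct a ransomware attack timeline from an exported set of Windows events.

Added example, not Progent's code. Input is a constructed JSON-lines export with a
few fields per event; real exports (Windows Event Forwarding, Sysmon, EDR) carry
more fields, but the correlation logic is the same.
"""
import json
from datetime import datetime, timedelta

# Constructed sample export. Event IDs follow Windows/Sysmon conventions:
# 4624 = logon (type 10 = RDP, type 3 = network/SMB), 4688 = process creation,
# 7045 = new service installed, 11 = Sysmon FileCreate.
SAMPLE_EXPORT = r"""
{"ts": "2024-03-01T09:00:00Z", "host": "WS-204", "event_id": 4624, "logon_type": 2, "user": "amartin", "src_ip": "-"}
{"ts": "2024-03-02T01:12:04Z", "host": "WS-117", "event_id": 4624, "logon_type": 10, "user": "svc_backup", "src_ip": "203.0.113.45"}
{"ts": "2024-03-02T01:15:30Z", "host": "WS-117", "event_id": 11, "path": "C:\\Users\\Public\\svchosts.exe"}
{"ts": "2024-03-02T01:16:02Z", "host": "WS-117", "event_id": 4688, "process": "C:\\Users\\Public\\svchosts.exe"}
{"ts": "2024-03-02T01:40:11Z", "host": "FS-01", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "src_ip": "10.0.5.117"}
{"ts": "2024-03-02T01:41:50Z", "host": "FS-01", "event_id": 7045, "service": "WinDefendUpd", "image": "C:\\Windows\\Temp\\upd.exe"}
{"ts": "2024-03-02T01:55:00Z", "host": "DC-01", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "src_ip": "10.0.5.117"}
{"ts": "2024-03-02T02:10:33Z", "host": "FS-01", "event_id": 11, "path": "D:\\Shares\\Finance\\Q1.xlsx.locked"}
{"ts": "2024-03-02T02:10:34Z", "host": "FS-01", "event_id": 11, "path": "D:\\Shares\\Finance\\HOW_TO_DECRYPT.txt"}
{"ts": "2024-03-02T02:12:00Z", "host": "WS-117", "event_id": 11, "path": "C:\\Users\\jdoe\\Documents\\HOW_TO_DECRYPT.txt"}
"""

# Constructed asset inventory used to resolve logon source IPs to hostnames.
HOST_BY_IP = {"10.0.5.117": "WS-117", "10.0.5.204": "WS-204"}

# Encryption-phase indicators. Extensions and note names vary by family; extend
# them from the ransom note and samples recovered on the victim network.
ENCRYPTED_EXTENSIONS = (".locked", ".encrypted", ".crypt")
RANSOM_NOTE_MARKERS = ("how_to_decrypt", "readme_for_decrypt", "restore_my_files")
STAGING_EXTENSIONS = (".exe", ".dll", ".ps1", ".bat")
INTERNAL_PREFIXES = ("10.", "192.168.", "172.16.")


def parse_export(text):
    """Parse JSON lines into dicts with an aware datetime, sorted chronologically."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def is_encryption_artifact(path):
    """True for an encrypted-file extension or a ransom note filename."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name.endswith(ENCRYPTED_EXTENSIONS) or any(m in name for m in RANSOM_NOTE_MARKERS)


def first_encryption(events):
    """Earliest FileCreate that looks like encryption output; None if absent."""
    for ev in events:
        if ev["event_id"] == 11 and is_encryption_artifact(ev["path"]):
            return ev
    return None


def initial_access(events):
    """Earliest RDP logon (type 10) from a source address that is not internal."""
    for ev in events:
        if (ev["event_id"] == 4624 and ev["logon_type"] == 10
                and ev["src_ip"] != "-" and not ev["src_ip"].startswith(INTERNAL_PREFIXES)):
            return ev
    return None


def lateral_movement(events, from_host):
    """Network logons (type 3) to other hosts whose source IP resolves to from_host."""
    return [ev for ev in events
            if ev["event_id"] == 4624 and ev["logon_type"] == 3
            and HOST_BY_IP.get(ev["src_ip"]) == from_host and ev["host"] != from_host]


def staged_executables(events, before, window=timedelta(hours=24)):
    """Executable drops and service installs in the window before encryption began."""
    hits = []
    for ev in events:
        if not (before - window <= ev["ts"] < before):
            continue
        if ev["event_id"] == 7045 or (
                ev["event_id"] == 11 and ev["path"].lower().endswith(STAGING_EXTENSIONS)):
            hits.append(ev)
    return hits


def build_timeline(text):
    """Return the key findings as chronologically sorted one-line report entries."""
    events = parse_export(text)
    enc, access = first_encryption(events), initial_access(events)
    lines = []
    if access:
        lines.append(f"{access['ts']:%Y-%m-%d %H:%M:%S} initial access: RDP logon as "
                     f"{access['user']} to {access['host']} from {access['src_ip']}")
        for hop in lateral_movement(events, access["host"]):
            lines.append(f"{hop['ts']:%Y-%m-%d %H:%M:%S} lateral movement: "
                         f"{access['host']} -> {hop['host']} as {hop['user']}")
    if enc:
        for st in staged_executables(events, enc["ts"]):
            what = st.get("path") or f"service {st['service']} -> {st['image']}"
            lines.append(f"{st['ts']:%Y-%m-%d %H:%M:%S} staging on {st['host']}: {what}")
        lines.append(f"{enc['ts']:%Y-%m-%d %H:%M:%S} first encryption artifact on "
                     f"{enc['host']}: {enc['path']}")
    return sorted(lines)  # fixed-width timestamps sort chronologically


if __name__ == "__main__":
    print("\n".join(build_timeline(SAMPLE_EXPORT)))
```

Run as-is, the script prints six findings: the external RDP logon to WS-117, the dropped binary on WS-117, two network logons from WS-117 to FS-01 and DC-01 under the same account, the service installed on FS-01, and the first encrypted file on FS-01. In a real engagement the export would come from forwarded event logs or an EDR and the inventory from the CMDB, and the marker lists would be filled in from the identified ransomware family; the point of the exercise is that the logon type and source address on 4624 events, not the location of the first encrypted file, identify where the intrusion started.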
Progent's Background
Progent has delivered online and on-premises IT services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware virtualization, and major Linux distributions. Progent's cybersecurity consultants hold certifications such as CISA, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning application software. This broad array of expertise gives Progent the ability to identify and integrate the surviving pieces of your information system after a ransomware intrusion and rebuild them quickly into a functioning network. Progent has worked with leading cyber insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Chicago
To learn more about how Progent can help your Chicago business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.