Overview of Progent's Ransomware Forensics and Reporting in Chicago
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and carry out a detailed forensics analysis without impeding the processes required for business resumption and data recovery. Your Chicago organization can utilize Progent's post-attack ransomware forensics report to combat future ransomware attacks, validate the recovery of encrypted data, and meet insurance and regulatory mandates.
Ransomware forensics analysis involves discovering and documenting the ransomware attack's storyline across the targeted network from beginning to end. This history of how the attack progressed through the network helps your IT staff assess the damage and brings to light gaps in security policies or processes that should be rectified to avoid later breaches. Forensics is commonly given top priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Since forensic analysis can take time, it is vital that other key activities such as operational continuity proceed in parallel. Progent maintains a large team of IT and cybersecurity professionals with the knowledge and experience required to carry out containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics investigation is complex and requires close interaction with the teams assigned to file restoration and, if needed, settlement discussions with the ransomware Threat Actor (TA). Forensic work typically requires examining logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, schedulers, and baseline Windows systems to detect anomalies.
Services involved with forensics investigation include:
- Isolate all potentially affected devices from the network without powering them down, so that volatile evidence such as memory contents is preserved. This may require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and enforcing two-factor authentication to protect backups.
- Create forensically sound (bit-for-bit) images of all suspect devices so that your file recovery team can proceed without altering the evidence
- Preserve firewall, VPN, and other key logs as soon as possible, before they are overwritten or roll over
- Identify the ransomware family used in the attack
- Examine each machine and storage device on the network, including cloud storage, for signs of encryption
- Inventory all compromised devices
- Study logs and sessions to establish the attack timeline and identify any lateral movement from the initially infected machine
- Identify the security gaps used to carry out the ransomware attack
- Search for executables created around the time of the first encrypted files or the initial system compromise
- Parse Outlook PST files
- Examine email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Produce comprehensive attack reporting to satisfy your insurance carrier and compliance requirements
- Document recommended improvements to shore up cybersecurity gaps and enforce workflows that reduce the risk of a future ransomware breach
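The steps "examine each machine for signs of encryption", "establish the timeline", and "search for executables created around the first encrypted files" can be sketched as a small triage script. The following is an added example written for this page; it is not Progent's tooling and not part of the original text. It builds a constructed sample directory tree (labelled as such in the code), flags likely-encrypted files by Shannon entropy of their leading bytes or by a ransomware-style extension, takes the earliest such file's modification time as the start of encryption, and lists executables written within a look-back window before that time as candidate droppers. The extension list, the entropy threshold of 7.5 bits per byte and the one-hour look-back are illustrative assumptions a real engagement would tune against the identified ransomware family.

```python
"""Ransomware triage sketch: flag likely-encrypted files, find the first
encryption time, and list executables written shortly before it.
Added example, not Progent's own tooling; sample data is constructed."""
from __future__ import annotations
import math
import os
import tempfile
import time
from collections import Counter
from dataclasses import dataclass

# Assumptions for illustration: a real case tunes these to the ransomware family.
SUSPECT_EXTS = {".locked", ".encrypted", ".crypt"}
EXEC_EXTS = {".exe", ".dll", ".ps1", ".bat"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext approaches 8.0
LOOKBACK_SECONDS = 3600   # how far before first encryption to look for droppers
SAMPLE_BYTES = 65536      # only the leading bytes of each file are sampled


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, max 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass
class FileRecord:
    path: str
    mtime: float
    entropy: float

    def likely_encrypted(self) -> bool:
        ext = os.path.splitext(self.path)[1].lower()
        return ext in SUSPECT_EXTS or self.entropy >= ENTROPY_THRESHOLD

    def is_executable(self) -> bool:
        return os.path.splitext(self.path)[1].lower() in EXEC_EXTS


def scan(root: str) -> list[FileRecord]:
    """Walk the tree and record mtime and leading-bytes entropy for every file."""
    records = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            with open(p, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            records.append(FileRecord(p, os.path.getmtime(p), shannon_entropy(head)))
    return records


def triage(records: list[FileRecord]):
    """Return (first encryption mtime, encrypted files by time, candidate droppers)."""
    encrypted = sorted((r for r in records if r.likely_encrypted()), key=lambda r: r.mtime)
    if not encrypted:
        return None, [], []
    first = encrypted[0].mtime
    suspects = [r for r in records
                if r.is_executable() and first - LOOKBACK_SECONDS <= r.mtime <= first]
    return first, encrypted, sorted(suspects, key=lambda r: r.mtime)


def run_triage(root: str) -> dict:
    """Convenience wrapper returning basenames, so results are easy to check."""
    first, encrypted, suspects = triage(scan(root))
    return {"first": first,
            "encrypted": [os.path.basename(r.path) for r in encrypted],
            "suspects": [os.path.basename(r.path) for r in suspects]}


def build_sample_tree() -> str:
    """Constructed sample data (not from a real incident) in a temp directory."""
    root = tempfile.mkdtemp(prefix="ransomware_triage_")
    t0 = time.time() - 86400

    def put(rel: str, content: bytes, when: float) -> None:
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(content)
        os.utime(p, (when, when))

    put("docs/budget.xlsx", b"plain spreadsheet text " * 50, t0)
    put("docs/notes.txt", b"meeting notes\n" * 100, t0 + 10)
    put("tools/legit.exe", b"MZ" + b"\x00" * 200, t0 - 90000)          # old, outside window
    put("Users/Public/svc_update.exe", b"MZ" + b"\x00" * 200, t0 + 3000)  # dropped before encryption
    put("docs/q3.docx.locked", os.urandom(4096), t0 + 3600)              # telltale extension
    put("docs/payroll.db", os.urandom(4096), t0 + 3650)                  # no extension hint, high entropy
    put("docs/README_RESTORE.txt", b"your files are encrypted\n" * 20, t0 + 3700)  # ransom note, low entropy
    return root


if __name__ == "__main__":
    result = run_triage(build_sample_tree())
    print("first encryption:", time.ctime(result["first"]))
    print("encrypted files:", result["encrypted"])
    print("candidate droppers:", result["suspects"])
```

Entropy alone is a heuristic: compressed archives and media files also score near 8 bits per byte, so on a real image the flagged set is cross-checked against the ransom note's extension pattern and the family identified earlier, and the dropper window is widened or narrowed from the shell and scheduler logs collected in the preservation step.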
Progent has delivered online and onsite network services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes professionals who have been awarded high-level certifications in core technology platforms such as Cisco networking, VMware, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial and Enterprise Resource Planning applications. This breadth of expertise gives Progent the ability to salvage and integrate the surviving parts of your IT environment after a ransomware attack and reconstruct them rapidly into a functioning network. Progent has worked with top insurance carriers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Services in Chicago
To learn more about ways Progent can help your Chicago organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.