Progent's Ransomware Forensics and Reporting Services in Chicago
Progent's ransomware forensics experts can capture the evidence of a ransomware assault and perform a detailed forensics analysis without disrupting activity related to business resumption and data restoration. Your Chicago organization can use Progent's post-attack forensics report to counter subsequent ransomware attacks, validate the recovery of encrypted data, and comply with insurance carrier and governmental reporting requirements.
Ransomware forensics analysis involves reconstructing the attack's storyline across the network from initial entry to final encryption. This history of how the ransomware moved through the network lets you evaluate the damage and brings to light shortcomings in security policies or processes that must be corrected to prevent later break-ins. Insurance carriers typically give forensic analysis a high priority, and state and industry regulations often require it. Because forensics can be time consuming, it is critical that other urgent activities such as operational resumption proceed concurrently. Progent has a large team of IT and cybersecurity experts with the skills needed to perform containment, operational resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics analysis is complex and requires close cooperation with the teams focused on data restoration and, if needed, with those handling settlement discussions with the ransomware attacker. Forensics typically requires the review of logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, task schedulers, and core Windows system components to check for anomalies.
Activities involved with forensics analysis include:
- Isolate all potentially affected devices from the network, but do not power them off: shutting down destroys volatile memory that may hold evidence of the attack. Containment can involve closing Internet-facing RDP and network-attached storage exposure, changing admin credentials and user passwords, and enforcing 2FA on access to backups.
- Preserve forensically sound images of all suspect devices so your file recovery team can begin work without altering the evidence
- Save firewall, VPN, and other critical logs as soon as possible, before retention limits overwrite them
- Identify the ransomware family and variant involved in the attack, for example from the ransom note, the extension added to encrypted files, and the indicators it leaves behind
- Survey every machine and data store on the network, including cloud storage, for signs of compromise
- Catalog all encrypted devices
- Study log activity and user sessions to establish the time frame of the attack and to spot any lateral movement from the first compromised system
- Understand the security gaps exploited to carry out the attack
- Look for executables created or dropped in the window around the first encrypted files or the initial breach
- Parse Outlook web archives
- Analyze email attachments
- Extract any URLs embedded in email messages and check whether they point to malicious sites or payloads
- Provide detailed attack documentation to meet your insurance and compliance mandates
- Document recommendations to close security gaps and improve workflows in order to reduce the risk of a future ransomware attack
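The timeline, lateral-movement and executable-hunting steps in the list above can be partly automated once the logs have been preserved. The following Python script is an added example, not Progent's code or a tool this page describes. The Windows event IDs it keys on are the real ones (4624 logon with logon type 10 for RDP, 4688 process creation, 7045 new service installed), but the hosts, addresses, users, timestamps and file paths are constructed sample data, and the 90-minute look-back window is an assumed tuning value.

```python
"""Added example (not Progent's code): rebuild a ransomware attack timeline from
exported Windows event records, chain RDP logons into lateral-movement hops, and
list executables that appeared shortly before the first encrypted file."""
from datetime import datetime, timedelta

# Constructed asset inventory: hypothetical hostnames and addresses.
HOST_IPS = {"WS-114": "10.0.5.23", "DC01": "10.0.5.10", "FS01": "10.0.5.40"}

# Constructed log records, deliberately out of order, as an export often is.
# event_id "FILE" stands for a file-system observation of an encrypted file.
EVENTS = [
    {"time": "2024-03-02T02:17:45", "host": "FS01", "event_id": 4624, "logon_type": 10,
     "user": "svc_backup", "src_ip": "10.0.5.23"},
    {"time": "2024-03-01T23:41:10", "host": "WS-114", "event_id": 4624, "logon_type": 10,
     "user": "jdoe", "src_ip": "203.0.113.8"},
    {"time": "2024-03-02T01:05:33", "host": "WS-114", "event_id": 4688,
     "process": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.exe"},
    {"time": "2024-03-02T01:52:02", "host": "DC01", "event_id": 4624, "logon_type": 10,
     "user": "svc_backup", "src_ip": "10.0.5.23"},
    {"time": "2024-03-02T02:20:11", "host": "FS01", "event_id": 7045,
     "service": "SysHelper", "image": "C:\\Windows\\Temp\\sh.exe"},
    {"time": "2024-03-02T02:31:00", "host": "FS01", "event_id": "FILE",
     "path": "D:\\Shares\\Finance\\Q1.xlsx.locked"},
]

# Extensions the (hypothetical) strain appends to encrypted files.
ENCRYPTED_SUFFIXES = (".locked", ".encrypted")


def ts(event):
    return datetime.fromisoformat(event["time"])


def timeline(events):
    """Order events by timestamp; exported logs are rarely sorted."""
    return sorted(events, key=ts)


def rdp_hops(events, host_ips):
    """Chain interactive RDP logons (4624, logon type 10) into src -> dst hops.
    A source address missing from the inventory is labelled external."""
    ip_to_host = {ip: host for host, ip in host_ips.items()}
    hops = []
    for e in timeline(events):
        if e["event_id"] == 4624 and e.get("logon_type") == 10:
            src = ip_to_host.get(e["src_ip"], e["src_ip"] + " (external)")
            hops.append((e["time"], src, e["host"], e["user"]))
    return hops


def initial_access(hops):
    """First RDP logon from outside the inventory: the likely point of entry."""
    for _, src, dst, user in hops:
        if src.endswith("(external)"):
            return dst, user
    return None


def first_encryption(events):
    """Earliest observation of a file carrying a ransomware extension."""
    times = [ts(e) for e in events
             if e["event_id"] == "FILE" and e["path"].lower().endswith(ENCRYPTED_SUFFIXES)]
    return min(times) if times else None


def executables_near(events, t0, window_minutes):
    """Process creations (4688) and service installs (7045) in the window before t0."""
    low = t0 - timedelta(minutes=window_minutes)
    found = []
    for e in timeline(events):
        if e["event_id"] == 4688:
            path = e["process"]
        elif e["event_id"] == 7045:
            path = e["image"]
        else:
            continue
        if low <= ts(e) <= t0:
            found.append((e["time"], e["host"], path))
    return found


if __name__ == "__main__":
    hops = rdp_hops(EVENTS, HOST_IPS)
    print("Initial access:", initial_access(hops))
    for when, src, dst, user in hops:
        print(f"{when}  {src:>24} -> {dst:<7} as {user}")
    t0 = first_encryption(EVENTS)
    print("First encrypted file seen:", t0)
    for when, host, path in executables_near(EVENTS, t0, 90):
        print(f"{when}  {host:<7} new executable {path}")
```

Run against a real export, the same structure applies: replace the constructed EVENTS with parsed Security and System log records and HOST_IPS with the asset inventory, and extend ENCRYPTED_SUFFIXES with the extension the identified strain actually uses. The hop chain and the executable list feed directly into the attack-time-frame and lateral-movement items of the report.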
Progent has delivered online and onsite IT services across the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial management and Enterprise Resource Planning software. This breadth of skills allows Progent to salvage and consolidate the undamaged parts of your IT environment after a ransomware assault and rebuild them quickly into an operational network. Progent has worked with leading insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Chicago
To learn more about how Progent can help your Chicago organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.