Progent's Ransomware Forensics and Reporting Services in Chicago
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and carry out a comprehensive forensics investigation without disrupting the processes related to business resumption and data restoration. Your Chicago business can use Progent's post-attack forensics documentation to counter future ransomware assaults, validate the cleanup of encrypted data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics investigation is aimed at discovering and documenting the ransomware assault's storyline across the targeted network from start to finish. This audit trail of the way a ransomware assault travelled through the network helps you to assess the impact and brings to light vulnerabilities in security policies or processes that should be rectified to avoid future breaches. Forensic analysis is commonly given a top priority by the insurance carrier and is typically mandated by government and industry regulations. Since forensic analysis can be time consuming, it is critical that other key activities such as operational resumption are pursued in parallel. Progent has a large team of IT and cybersecurity experts with the knowledge and experience required to perform activities for containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics is complicated and requires close cooperation with the teams focused on data recovery and, if necessary, settlement talks with the ransomware threat actor. Ransomware forensics can require the review of logs, the Windows registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows system files to detect changes.
Services involved with forensics analysis include:
- Disconnect all potentially compromised devices from the network, but avoid shutting them down, since powering off destroys volatile evidence such as memory contents. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS shares, changing admin credentials and user passwords, and implementing 2FA to secure backups.
- Capture forensically complete disk images of all affected devices so the data restoration group can proceed
- Save firewall, VPN, and other critical logs as quickly as possible
- Identify the ransomware strain and version used in the attack
- Inspect each machine and data store on the network including cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Determine the type of ransomware used in the assault
- Review logs and user sessions to establish the time frame of the ransomware attack and to spot any lateral movement from the originally infected machine
- Identify the security gaps used to carry out the ransomware assault
- Look for new executables associated with the first encrypted files or system compromise
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs from email messages and determine whether they are malicious
- Provide extensive incident reporting to satisfy your insurance carrier and compliance regulations
- Suggest recommendations to close cybersecurity vulnerabilities and improve workflows that lower the exposure to a future ransomware breach
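As an added example (not Progent's tooling), the log review step above can be approached with a small timeline script: it orders constructed Windows Security logon records, bounds the attack window, and flags successful logons whose source address belongs to another host already present in the timeline, which is the pattern an investigator looks for when tracing movement from the first infected machine. The record layout, hostnames, accounts and IP addresses are assumed sample values, not data from any real incident.

```python
import re
from datetime import datetime

# Constructed sample records (not from any real incident), one per Windows
# Security logon event: "<timestamp> <host> <EventID> <user> <logon_type> <source_ip>".
SAMPLE_EVENTS = """\
2024-03-02T01:12:07 FILESRV01 4624 jdoe 10 203.0.113.45
2024-03-02T01:15:40 FILESRV01 4624 jdoe 10 203.0.113.45
2024-03-02T01:31:02 DC01 4624 jdoe 10 10.0.0.21
2024-03-02T01:33:19 DC01 4624 svc_backup 3 10.0.0.21
2024-03-02T01:50:55 NAS02 4624 svc_backup 3 10.0.0.5
2024-03-01T22:05:11 FILESRV01 4625 jdoe 10 203.0.113.45
"""

# Constructed host inventory (assumed): internal IP -> hostname, so a logon
# sourced from another internal host can be recognised as a hop.
HOST_IPS = {"10.0.0.21": "FILESRV01", "10.0.0.5": "DC01"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (\d+) (\S+)$")

def parse_events(text):
    """Parse the sample records into dicts, sorted by timestamp (malformed lines are skipped)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, eid, user, ltype, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "eid": int(eid),
                       "user": user, "ltype": int(ltype), "src": src})
    return sorted(events, key=lambda e: e["ts"])

def attack_window(events):
    """First and last remote logon activity: RDP (type 10) or network (type 3), success (4624) or failure (4625)."""
    remote = [e for e in events if e["eid"] in (4624, 4625) and e["ltype"] in (3, 10)]
    return (remote[0]["ts"], remote[-1]["ts"]) if remote else None

def lateral_hops(events, host_ips):
    """Successful logons whose source IP belongs to a different host already seen earlier in the timeline."""
    seen, hops = set(), []
    for e in events:
        if e["eid"] != 4624:
            continue
        src_host = host_ips.get(e["src"])
        if src_host and src_host in seen and src_host != e["host"]:
            hops.append((e["ts"].isoformat(), e["user"], src_host, e["host"]))
        seen.add(e["host"])
    return hops
```

Real investigations would feed exported event logs (for example 4624/4625 records from every host) into the same logic and extend the inventory from the asset list.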
Progent's Qualifications
Progent has delivered remote and onsite IT services throughout the U.S. for over two decades and has earned Microsoft's Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have earned high-level certifications in core technology platforms such as Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned prestigious certifications including CISM, CISSP, and GIAC. (Refer to Progent's certifications.) Progent also offers top-tier support in financial management and Enterprise Resource Planning software. This scope of expertise gives Progent the ability to salvage and consolidate the surviving pieces of your IT environment after a ransomware attack and rebuild them rapidly into a functioning network. Progent has collaborated with leading insurance providers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Chicago
To learn more about how Progent can assist your Chicago organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.