Progent's Ransomware Forensics and Reporting in Chicago
Progent's ransomware forensics consultants can preserve the system state after a ransomware assault and carry out a comprehensive forensics investigation without slowing down activity related to business continuity and data recovery. Your Chicago business can use Progent's post-attack forensics documentation to combat subsequent ransomware assaults, validate the restoration of encrypted data, and meet insurance and regulatory mandates.
Ransomware forensics analysis involves tracking and documenting the ransomware assault's progress throughout the targeted network from beginning to end. This history of how a ransomware assault travelled within the network helps your IT staff assess the impact and brings to light shortcomings in policies or work habits that need to be corrected to avoid later breaches. Forensics is typically assigned a top priority by the insurance provider and is typically mandated by government and industry regulations. Because forensics can take time, it is essential that other important activities such as operational continuity are executed in parallel. Progent has a large team of IT and security experts with the knowledge and experience required to carry out activities for containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics investigation is time consuming and requires intimate interaction with the groups responsible for file restoration and, if necessary, settlement negotiation with the ransomware Threat Actor (TA). Ransomware forensics can involve the review of logs, registry, Group Policy Object (GPO), AD, DNS servers, routers, firewalls, schedulers, and core Windows systems to look for anomalies.
Activities involved with forensics include:
- Isolate all possibly suspect devices from the network, but avoid shutting them down. This may involve closing all RDP ports and Internet-connected network-attached storage, changing administrator credentials and user passwords, and configuring 2FA to secure your backups.
- Copy forensically sound digital images of all suspect devices so the data restoration team can proceed
- Preserve firewall, VPN, and other critical logs as soon as possible
- Identify the version of ransomware used in the attack
- Survey every machine and storage device on the system as well as cloud-hosted storage for signs of compromise
- Catalog all encrypted devices
- Establish the kind of ransomware used in the attack
- Study logs and user sessions to determine the timeline of the ransomware attack and to identify any possible lateral migration from the originally infected machine
- Identify the attack vectors used to carry out the ransomware attack
- Search for new executables surrounding the first encrypted files or network compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract URLs from email messages and determine if they are malicious
- Provide extensive attack reporting to satisfy your insurance carrier and compliance requirements
- Document recommended improvements to close cybersecurity vulnerabilities and improve workflows that reduce the risk of a future ransomware breach
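The following is an added illustration, not Progent's own tooling, of how three of the steps above can be carried out on a small scale: recording SHA-256 hashes of preserved logs so later analysis can be checked against the originals, reconstructing an attack timeline from log lines to find the first encrypted host and possible lateral movement, and extracting URLs from an email body for checking. All hostnames, timestamps, file names, IP addresses and URLs are constructed sample values, and the log line layout (timestamp, host, event type, key=value details) is an assumed format chosen for the example.

```python
"""Added example (not Progent's code): evidence hashing, timeline reconstruction
and URL extraction over constructed sample data."""
import hashlib
import re
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed evidence held in memory; in practice these are exported logs or images.
EVIDENCE = {
    "firewall-sample.log": b"permit tcp 10.0.5.21 -> 203.0.113.9:443\n",
    "vpn-sample.log": b"user jdoe connected from 198.51.100.7\n",
}

# Constructed log lines in an assumed format: ISO timestamp, host, event type, details.
LOG_LINES = [
    "2024-01-15T02:10:05 WS-FIN-01 LOGON user=jdoe src=198.51.100.7",
    "2024-01-15T02:14:30 WS-FIN-01 NEWEXE path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.exe",
    "2024-01-15T02:16:02 WS-FIN-01 ENCRYPT file=Q4-budget.xlsx.locked",
    "2024-01-15T02:25:44 FS-01 LOGON user=jdoe src=WS-FIN-01",
    "2024-01-15T02:27:10 FS-01 ENCRYPT file=contracts.docx.locked",
    "2024-01-15T02:40:00 WS-HR-03 ENCRYPT file=payroll.csv.locked",
]

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def hash_evidence(evidence: Dict[str, bytes]) -> Dict[str, str]:
    """SHA-256 per preserved item; kept with the copies so integrity can be re-verified."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in evidence.items()}


def parse_log(lines: List[str]) -> List[Tuple[datetime, str, str, str]]:
    """Parse lines into (time, host, event, detail) tuples sorted by time."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole timeline
        ts, host, event, detail = m.groups()
        events.append((datetime.fromisoformat(ts), host, event, detail))
    return sorted(events)


def first_encryption_per_host(events) -> Dict[str, datetime]:
    """Earliest ENCRYPT event seen on each host."""
    first: Dict[str, datetime] = {}
    for ts, host, event, _ in events:
        if event == "ENCRYPT" and host not in first:
            first[host] = ts
    return first


def patient_zero(events) -> str:
    """Host whose files were encrypted first."""
    first = first_encryption_per_host(events)
    return min(first, key=first.get)


def lateral_movement(events) -> List[Tuple[str, str, datetime]]:
    """LOGON events whose source is another host in the log: (src, dst, time)."""
    hosts = {h for _, h, _, _ in events}
    moves = []
    for ts, host, event, detail in events:
        if event != "LOGON":
            continue
        fields = dict(kv.split("=", 1) for kv in detail.split())
        src = fields.get("src", "")
        if src in hosts and src != host:
            moves.append((src, host, ts))
    return moves


def extract_urls(email_body: str) -> List[str]:
    """URLs found in an email body, de-duplicated with order preserved."""
    seen: List[str] = []
    for url in URL_RE.findall(email_body):
        url = url.rstrip(".,;)")  # drop trailing sentence punctuation
        if url not in seen:
            seen.append(url)
    return seen


if __name__ == "__main__":
    for name, digest in hash_evidence(EVIDENCE).items():
        print(f"{digest}  {name}")
    evts = parse_log(LOG_LINES)
    print("first encrypted host:", patient_zero(evts))
    for src, dst, ts in lateral_movement(evts):
        print(f"lateral movement {src} -> {dst} at {ts.isoformat()}")
    body = "Invoice at http://example.com/inv and again http://example.com/inv, see https://example.com/b."
    print("urls:", extract_urls(body))
```

The timeline function treats a logon whose source is another logged host as a lateral-movement candidate; in a real investigation the same logic is applied across the consolidated logs from every surveyed machine, and the hashes from `hash_evidence` are recorded at collection time, before any analysis touches the copies.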
Progent has provided remote and on-premises IT services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have earned high-level certifications in core technology platforms including Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also offers guidance in financial management and ERP application software. This broad array of skills gives Progent the ability to identify and integrate the undamaged pieces of your information system following a ransomware intrusion and rebuild them quickly into a functioning system. Progent has worked with leading cyber insurance providers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Services in Chicago
To find out more about ways Progent can help your Chicago organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.