Progent's Ransomware Forensics and Reporting in Los Angeles
Progent's ransomware forensics consultants can capture the evidence of a ransomware attack and perform a detailed forensics analysis without interfering with activity related to operational continuity and data recovery. Your Los Angeles business can use Progent's post-attack ransomware forensics documentation to counter subsequent ransomware attacks, validate the restoration of encrypted data, and meet insurance and governmental requirements.
Ransomware forensics investigation involves determining and documenting the ransomware attack's storyline across the targeted network from start to finish. This audit trail of the way a ransomware attack progressed through the network helps your IT staff assess the impact and brings to light vulnerabilities in policies or work habits that should be corrected to prevent later break-ins. Forensics is typically assigned a high priority by the insurance carrier and is often mandated by state and industry regulations. Since forensic analysis can be time-consuming, it is vital that other important activities like business resumption are pursued in parallel. Progent has an extensive roster of IT and security experts with the knowledge and experience required to perform the work of containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics analysis is complicated and calls for close cooperation with the teams assigned to data cleanup and, if necessary, settlement negotiation with the ransomware attacker. Forensics can require the review of all logs, registry, Group Policy Objects, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and basic Windows systems to look for anomalies.
Services involved with forensics analysis include:
- Disconnect all possibly impacted devices from the network, but avoid shutting them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to protect backups.
- Create forensically complete digital images of all suspect devices so your data restoration team can get started
- Preserve firewall, VPN, and additional key logs as soon as feasible
- Determine the version of ransomware involved in the assault
- Examine each machine and data store on the system including cloud storage for signs of encryption
- Catalog all encrypted devices
- Determine the type of ransomware involved in the assault
- Review logs and sessions to establish the time frame of the assault and to identify any possible lateral movement from the originally infected system
- Understand the attack vectors exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the original encrypted files or network breach
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs embedded in messages and determine if they are malicious
- Produce comprehensive incident reporting to satisfy your insurance carrier and compliance mandates
- Provide recommendations to close security gaps and improve workflows to reduce the risk of a future ransomware breach
Progent has delivered online and on-premises IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes consultants who have earned high-level certifications in foundation technology platforms including Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. Progent also offers top-tier support in financial and Enterprise Resource Planning applications. This breadth of expertise gives Progent the ability to salvage and consolidate the undamaged parts of your network after a ransomware intrusion and reconstruct them rapidly into a viable network. Progent has worked with leading cyber insurance providers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in Los Angeles
To learn more about ways Progent can assist your Los Angeles organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.