Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Los Angeles
Progent's ransomware forensics experts can capture the system state after a ransomware assault and perform a detailed forensics analysis without impeding the processes related to business resumption and data restoration. Your Los Angeles organization can utilize Progent's post-attack forensics report to counter future ransomware assaults, assist in the restoration of lost data, and meet insurance carrier and governmental requirements.
Ransomware forensics investigation involves tracking and documenting the ransomware attack's storyline throughout the network from beginning to end. This history of how a ransomware attack progressed through the network helps you assess the impact and brings to light vulnerabilities in rules or processes that need to be corrected to prevent future break-ins. Forensics is usually given a top priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Since forensic analysis can be time consuming, it is vital that other important recovery processes such as business resumption are pursued concurrently. Progent maintains a large roster of information technology and security experts with the skills needed to perform activities for containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics is arduous and requires close interaction with the groups assigned to data restoration and, if necessary, payment negotiation with the ransomware hacker. Forensics can involve the review of logs, registry, GPO, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for variations.
Activities associated with forensics include:
- Isolate all potentially suspect devices from the network without shutting them down. This may require closing all RDP ports and Internet-facing network-attached storage, modifying admin credentials and user passwords, and setting up two-factor authentication to secure backups.
- Preserve forensically valid duplicates of all suspect devices so the file restoration group can proceed
- Save firewall, VPN, and additional key logs as quickly as possible
- Identify the type of ransomware used in the assault
- Examine each machine and data store on the system including cloud storage for signs of encryption
- Catalog all encrypted devices
- Determine the type of ransomware involved in the attack
- Review log activity and sessions in order to determine the timeline of the ransomware attack and to spot any potential lateral movement from the originally infected machine
- Identify the security gaps exploited to carry out the ransomware attack
- Search for the creation of executables associated with the original encrypted files or network compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs from messages and check whether they are malicious
- Produce comprehensive attack reporting to satisfy your insurance and compliance requirements
- List recommended improvements to close cybersecurity gaps and improve processes that reduce the risk of a future ransomware breach
Progent has delivered online and on-premises IT services across the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes professionals who have earned advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers top-tier support in financial and ERP application software. This breadth of skills allows Progent to identify and consolidate the surviving parts of your network after a ransomware assault and reconstruct them rapidly into an operational network. Progent has collaborated with leading insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Los Angeles
To find out more about how Progent can assist your Los Angeles organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.