Progent's Ransomware Forensics Investigation and Reporting in Dayton
Progent's ransomware forensics experts can save the evidence of a ransomware assault and perform a detailed forensics investigation without impeding the processes required for operational continuity and data restoration. Your Dayton organization can utilize Progent's post-attack forensics report to counter future ransomware assaults, assist in the recovery of lost data, and meet insurance carrier and regulatory mandates.
Ransomware forensics analysis involves tracking and documenting the ransomware assault's progress across the targeted network from start to finish. This history of the way a ransomware assault travelled through the network helps your IT staff assess the impact and brings to light gaps in rules or processes that need to be rectified to avoid later breaches. Forensic analysis is commonly assigned a high priority by the cyber insurance provider and is often required by government and industry regulations. Because forensic analysis can take time, it is critical that other key recovery processes such as operational resumption are performed in parallel. Progent maintains an extensive roster of information technology and security experts with the knowledge and experience required to perform the work of containment, business resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics is time consuming and requires close interaction with the teams focused on file cleanup and, if necessary, payment talks with the ransomware hacker. Forensics typically involves the review of logs, registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, schedulers, and core Windows systems to look for anomalies.
Activities associated with forensics analysis include:
- Disconnect all possibly impacted devices from the network, but avoid shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing 2FA to protect your backups.
- Preserve forensically sound images of all suspect devices so your data restoration team can proceed
- Save firewall, VPN, and other key logs as quickly as possible
- Determine the variety of ransomware involved in the attack
- Survey each computer and data store on the system as well as cloud-hosted storage for indications of encryption
- Catalog all encrypted devices
- Establish the kind of ransomware used in the assault
- Review log activity and user sessions to determine the timeline of the assault and to spot any possible lateral migration from the originally compromised machine
- Identify the security gaps exploited to perpetrate the ransomware assault
- Look for new executables surrounding the first encrypted files or network breach
- Parse Outlook PST files
- Examine attachments
- Extract URLs from email messages and check to see whether they are malicious
- Produce comprehensive attack documentation to satisfy your insurance carrier and compliance mandates
- Document recommendations to shore up security vulnerabilities and enforce workflows that reduce the exposure to a future ransomware breach
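The log-review step in the list above, sketched as an added example (not Progent's tooling): it orders remote logon records by time and keeps only hops that start from a host already reached, which yields a candidate lateral-movement path from the first compromised machine. The record layout, host names, accounts, and starting time are constructed for illustration.

```python
from datetime import datetime
from typing import NamedTuple

# Constructed sample records: time, source host, target host, account, logon type
# (type 10 = RDP, type 3 = network logon, as in Windows Security event 4624).
LOGONS = """\
2024-03-02T01:12:09 WS-014 FS-01 svc_backup 3
2024-03-02T00:41:55 WS-014 WS-022 jdoe 10
2024-03-01T23:58:10 WS-007 FS-01 asmith 3
2024-03-02T01:30:41 FS-01 DC-01 svc_backup 10
2024-03-02T00:05:00 WS-022 PRN-01 jdoe 3
2024-03-02T01:02:33 WS-022 NAS-01 jdoe 3
"""
FIRST_HOST = "WS-014"                                   # assumed initial machine
FIRST_SEEN = datetime.fromisoformat("2024-03-02T00:30:00")

class Hop(NamedTuple):
    reached_at: datetime
    source: str       # host the logon came from ("" for the initial machine)
    account: str

def parse_logons(text):
    """Parse whitespace-separated records and return them sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, account, ltype = line.split()
            events.append((datetime.fromisoformat(ts), src, dst, account, int(ltype)))
    return sorted(events)

def trace_spread(events, first_host, first_seen):
    """Map each host to the first logon that arrived from an already-reached host.

    A logon only counts if it happened at or after the time its source host was
    reached, so activity that predates the source's compromise is ignored.
    The result is a candidate set for review, not proof of compromise.
    """
    reached = {first_host: Hop(first_seen, "", "")}
    for ts, src, dst, account, _ltype in events:
        if src in reached and ts >= reached[src].reached_at and dst not in reached:
            reached[dst] = Hop(ts, src, account)
    return reached

def timeline(reached):
    """Render the reached hosts as time-ordered lines for the report."""
    rows = sorted(reached.items(), key=lambda kv: kv[1].reached_at)
    return [f"{h.reached_at.isoformat()} {h.source or 'initial'} -> {host} "
            f"({h.account or '-'})" for host, h in rows]

if __name__ == "__main__":
    print("\n".join(timeline(trace_spread(parse_logons(LOGONS), FIRST_HOST, FIRST_SEEN))))
```

PRN-01 is left out because the logon to it predates the point at which WS-022 was reached, and the WS-007 session is ignored because that host is never on the path.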
Progent's Background
Progent has provided online and on-premises network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have been awarded advanced certifications in foundation technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning application software. This broad array of expertise allows Progent to salvage and integrate the surviving pieces of your IT environment after a ransomware attack and reconstruct them quickly into a functioning network. Progent has collaborated with leading insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Dayton
To learn more about how Progent can assist your Dayton business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.