Progent's Ransomware Forensics Investigation and Reporting in Dayton
Progent's ransomware forensics experts can preserve the system state after a ransomware attack and carry out a comprehensive forensics analysis without disrupting activity related to operational resumption and data recovery. Your Dayton organization can use Progent's post-attack ransomware forensics documentation to counter subsequent ransomware assaults, assist in the recovery of lost data, and comply with insurance and regulatory mandates.
Ransomware forensics involves determining and describing the ransomware assault's progress across the targeted network from beginning to end. This audit trail of how the attack progressed within the network helps you evaluate the impact and uncovers weaknesses in rules or processes that must be rectified to avoid later break-ins. Forensic analysis is usually assigned top priority by the cyber insurance provider and is often required by state and industry regulations. Because forensic analysis takes time, it is vital that other key recovery processes such as operational continuity are executed concurrently. Progent maintains a large team of IT and cybersecurity experts with the knowledge and experience required to carry out containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics investigation is complex and calls for close interaction with the groups responsible for file restoration and, if necessary, payment negotiations with the ransomware Threat Actor (TA). Forensics typically involves examination of all logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows system files to look for changes.
Services involved with forensics include:
- Isolate all potentially compromised devices from the network, but do not shut them down: powering off destroys volatile evidence such as running processes, memory contents, and active network connections. Isolation can involve closing all Remote Desktop Protocol (RDP) ports and Internet-exposed network-attached storage, changing admin credentials and user passwords, and implementing 2FA to guard backups.
- Create forensically complete disk images of all suspect devices, recording a cryptographic hash of each image for chain of custody, so the file restoration team can get started without destroying evidence
- Save firewall, VPN, and additional key logs as soon as possible
- Identify the ransomware family and variant used in the attack
- Inspect every computer and storage device on the network, including cloud storage, for signs of encryption
- Inventory all encrypted devices
- Review logs and user sessions to establish the time frame of the ransomware attack and to spot any lateral movement from the originally compromised machine
- Identify the security gaps exploited to perpetrate the ransomware assault
- Search for executables created or dropped around the time of the initial encryption or network breach
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs from messages and check whether they are malicious
- Provide comprehensive attack documentation to satisfy your insurance and compliance regulations
- Suggest recommended improvements to shore up security vulnerabilities and improve workflows that reduce the risk of a future ransomware exploit
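Several of the steps above (inspecting storage for signs of encryption, inventorying affected files with hashes, and bounding the attack time frame from the evidence) can be automated during triage. The following Python script is an added example written for this page; it is not Progent's tooling or code from the original page. It runs over a constructed sample directory rather than real evidence, and its heuristics (the ransom-note filename pattern, the document-extension list, the 7.5 bits/byte entropy threshold, and the list of legitimately compressed formats it skips) are assumptions a practitioner would tune per case.

```python
"""Offline ransomware triage over a file tree: flag probable encrypted files
and ransom notes, inventory them with SHA-256 hashes, and bound the encryption
window from modification times. Added example on constructed sample data."""
import hashlib
import math
import os
import random
import re
import tempfile
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Heuristics (assumptions for this example; tune per engagement).
NOTE_NAME = re.compile(r"readme|decrypt|restore|recover|how_to", re.IGNORECASE)
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}
# Formats that are legitimately near-random; skipped to cut false positives.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"\x1f\x8b", b"7z\xbc\xaf")
ENTROPY_THRESHOLD = 7.5  # bits/byte: encrypted data approaches 8.0, plain text is ~4-5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the sample (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass
class Finding:
    path: str
    sha256: str      # recorded for chain of custody and cross-checking against the image
    size: int
    mtime: datetime  # UTC modification time; drives the attack timeline
    entropy: float
    reason: str


def classify(name: str, data: bytes, entropy: float) -> Optional[str]:
    """Return why a file looks encrypted or like a ransom note, or None if benign."""
    stem, ext = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    if inner.lower() in DOC_EXTS and ext.lower() not in DOC_EXTS:
        return f"document renamed with extra extension {ext} (entropy {entropy:.2f})"
    if NOTE_NAME.search(name) and entropy < 6.0:
        return "possible ransom note (review manually)"
    if entropy >= ENTROPY_THRESHOLD and not data.startswith(COMPRESSED_MAGIC):
        return f"high entropy {entropy:.2f} in unknown format"
    return None


def triage(root: str) -> List[Finding]:
    """Walk the tree and return flagged files sorted by modification time."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            ent = shannon_entropy(data[:65536])  # first 64 KiB is enough to judge
            reason = classify(name, data, ent)
            if reason is None:
                continue
            st = os.stat(path)
            findings.append(Finding(path, hashlib.sha256(data).hexdigest(), st.st_size,
                                    datetime.fromtimestamp(st.st_mtime, tz=timezone.utc),
                                    ent, reason))
    return sorted(findings, key=lambda f: f.mtime)


def encryption_window(findings: List[Finding]) -> Optional[Tuple[datetime, datetime]]:
    """Earliest and latest mtime among flagged files; brackets the encryption run."""
    if not findings:
        return None
    return findings[0].mtime, findings[-1].mtime


def build_sample(root: str) -> None:
    """Constructed sample tree: two encrypted files, one note, three benign files."""
    rng = random.Random(7)

    def noise(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    base = datetime(2024, 3, 1, 2, 0, tzinfo=timezone.utc).timestamp()
    files = {  # name: (content, minutes after base for the mtime)
        "report.docx.locked": (noise(4096), 10),
        "data.bin": (noise(4096), 25),
        "README_TO_RESTORE.txt": (b"Your files have been encrypted. Contact us.\n" * 4, 30),
        "notes.txt": (b"meeting notes: budget review, action items\n" * 20, 0),
        "photo.jpg": (b"\xff\xd8\xff\xe0" + noise(4000), 0),
        "backup.zip": (b"PK\x03\x04" + noise(4000), 0),
    }
    for name, (content, minutes) in files.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(content)
        ts = base + minutes * 60
        os.utime(path, (ts, ts))


def demo() -> dict:
    """Run the triage on the constructed tree and summarise the result."""
    root = tempfile.mkdtemp(prefix="triage-")
    build_sample(root)
    findings = triage(root)
    window = encryption_window(findings)
    return {
        "flagged": sorted(os.path.basename(f.path) for f in findings),
        "reasons": {os.path.basename(f.path): f.reason for f in findings},
        "window": tuple(t.isoformat() for t in window) if window else None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In a real engagement the script would be pointed at a mounted forensic image, never at the live host, so that reads do not alter access times on the original evidence. Compressed media and archives score as high entropy as ciphertext, which is why the magic-byte skip list exists; without it, or with a threshold set too low, the inventory fills with false positives, while a family that encrypts only the first kilobytes of each file may escape an entropy check on a later slice and needs a header-based check instead.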
Progent has delivered online and on-premises network services throughout the United States for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technology platforms including Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security consultants have earned prestigious certifications including CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has expertise in financial and ERP applications. This broad array of skills gives Progent the ability to salvage and consolidate the undamaged pieces of your network after a ransomware intrusion and reconstruct them rapidly into an operational system. Progent has worked with leading cyber insurance providers including Chubb to assist organizations in cleaning up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Dayton
To learn more about ways Progent can help your Dayton organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.