Progent's Ransomware Forensics Analysis and Reporting in Garland
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and carry out a detailed forensics analysis without impeding activity required for business resumption and data recovery. Your Garland business can use Progent's post-attack ransomware forensics documentation to counter subsequent ransomware assaults, assist in the cleanup of encrypted data, and comply with insurance and governmental requirements.
Ransomware forensics is aimed at determining and documenting the ransomware assault's progress throughout the network from start to finish. This audit trail of how a ransomware assault travelled within the network helps you assess the damage and highlights gaps in policies or work habits that should be corrected to avoid future break-ins. Forensic analysis is typically assigned a high priority by the insurance carrier and is typically required by government and industry regulations. Because forensics can take time, it is vital that other important activities such as business resumption are performed concurrently. Progent maintains an extensive roster of IT and security experts with the skills needed to perform the work of containment, business resumption, and data restoration without interfering with forensics.
Ransomware forensics analysis is complex and requires close cooperation with the teams responsible for file restoration and, if needed, settlement talks with the ransomware threat actor. Forensics typically requires the review of logs, registry, GPO, AD, DNS, routers, firewalls, schedulers, and basic Windows systems to look for anomalies.
Services associated with forensics analysis include:
- Detach all potentially affected devices from the system, but avoid shutting them down. This can involve closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and setting up 2FA to protect backups.
- Preserve forensically sound duplicates of all suspect devices so the data recovery group can get started
- Save firewall, VPN, and other key logs as quickly as possible
- Determine the strain of ransomware used in the attack
- Inspect each computer and data store on the system including cloud-hosted storage for indications of encryption
- Inventory all compromised devices
- Establish the type of ransomware involved in the attack
- Study log activity and user sessions to determine the timeline of the ransomware attack and to spot any potential lateral movement from the first compromised machine
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the first encrypted files or system breach
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs embedded in messages and check to see whether they are malicious
- Produce detailed attack documentation to meet your insurance carrier and compliance mandates
- List recommendations to shore up security gaps and improve workflows that reduce the exposure to a future ransomware exploit
Progent has provided online and on-premises network services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in core technologies such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications such as CISA, CISSP, and GIAC. Progent also has expertise in financial management and ERP applications. This breadth of expertise allows Progent to salvage and integrate the surviving parts of your network following a ransomware attack and reconstruct them rapidly into an operational system. Progent has collaborated with top cyber insurance carriers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Services in Garland
To find out more about how Progent can assist your Garland organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.