Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Albany
Progent's ransomware forensics experts can preserve the evidence of a ransomware attack and perform a detailed forensics analysis without interfering with the processes required for operational continuity and data restoration. Your Albany organization can use Progent's forensics documentation to block future ransomware attacks, validate the restoration of lost data, and comply with insurance carrier and governmental requirements.
Ransomware forensics investigation involves tracking and documenting the ransomware attack's progress across the network from beginning to end. This audit trail of how a ransomware assault travelled within the network helps you assess the damage and highlights weaknesses in rules or processes that need to be corrected to prevent future break-ins. Forensic analysis is commonly assigned a top priority by the insurance provider and is typically required by government and industry regulations. Because forensics can be time-consuming, it is essential that other important activities such as business resumption are pursued concurrently. Progent maintains a large roster of information technology and cybersecurity professionals with the skills required to perform containment, operational continuity, and data restoration activities without disrupting forensics.
Ransomware forensics is arduous and calls for close interaction with the teams focused on file recovery and, if needed, settlement negotiation with the ransomware threat actor. Ransomware forensics typically involves examining logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows system components to check for unauthorized changes.
Activities involved with forensics include:
- Isolate all potentially compromised devices from the network without powering them off. This can involve closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and setting up 2FA to protect backups.
- Preserve forensically valid duplicates of all suspect devices so the data restoration group can get started
- Save firewall, virtual private network, and additional key logs as quickly as possible
- Determine the strain of ransomware used in the attack
- Examine each computer and data store on the system as well as cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Establish the type of ransomware used in the attack
- Study log activity and user sessions to establish the timeline of the ransomware attack and to spot any lateral movement from the first infected machine
- Understand the attack vectors used to perpetrate the ransomware assault
- Search for new executables surrounding the first encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs from messages and determine whether they are malicious
- Provide detailed attack documentation to satisfy your insurance and compliance mandates
- Suggest recommendations to close security vulnerabilities and enforce processes that reduce the exposure to a future ransomware breach
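The timeline steps above (finding the first encrypted file, looking for new executables written just before it, and ordering hosts to spot lateral movement) can be prototyped as a small triage script. This is an added illustration, not Progent's tooling; the `.locked` extension, the hostnames and the timestamps are constructed sample data, and the input is assumed to be file-creation records already extracted from disk images.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class FileEvent(NamedTuple):
    host: str
    path: str
    created: datetime

# Assumption: the strain appends ".locked" to every file it encrypts.
ENCRYPTED_EXT = ".locked"
EXEC_EXTS = (".exe", ".dll", ".ps1", ".bat")

def first_encryption(events):
    """Earliest encrypted file anywhere in the evidence set: the timeline anchor."""
    enc = [e for e in events if e.path.lower().endswith(ENCRYPTED_EXT)]
    return min(enc, key=lambda e: e.created) if enc else None

def executables_near(events, pivot, window=timedelta(hours=2)):
    """New executables written in the window leading up to the first encryption.
    These are candidates for the payload or its loader and warrant examination."""
    return sorted(
        (e for e in events
         if e.path.lower().endswith(EXEC_EXTS)
         and pivot.created - window <= e.created <= pivot.created),
        key=lambda e: e.created)

def hosts_by_first_encryption(events):
    """Order hosts by when encryption first appeared on each.
    The first host is the likely initial foothold; later ones show the spread."""
    first = {}
    for e in events:
        if e.path.lower().endswith(ENCRYPTED_EXT):
            if e.host not in first or e.created < first[e.host]:
                first[e.host] = e.created
    return sorted(first.items(), key=lambda kv: kv[1])

# Constructed sample records (not real case data): two hosts, one evening.
SAMPLE = [
    FileEvent("WS01", r"C:\Users\jdoe\AppData\Local\Temp\update.exe", datetime(2024, 3, 1, 22, 14)),
    FileEvent("WS01", r"C:\Users\jdoe\Documents\budget.xlsx.locked", datetime(2024, 3, 1, 22, 31)),
    FileEvent("WS01", r"C:\Windows\System32\notepad.exe", datetime(2023, 1, 10, 9, 0)),
    FileEvent("FS01", r"D:\Shares\IT\tools\deploy.bat", datetime(2024, 3, 1, 22, 50)),
    FileEvent("FS01", r"D:\Shares\Finance\q1.docx.locked", datetime(2024, 3, 1, 23, 5)),
]

if __name__ == "__main__":
    pivot = first_encryption(SAMPLE)
    print("First encryption:", pivot.host, pivot.path, pivot.created)
    for e in executables_near(SAMPLE, pivot):
        print("New executable before encryption:", e.host, e.path, e.created)
    for host, when in hosts_by_first_encryption(SAMPLE):
        print("Encryption reached", host, "at", when)
```

Real investigations would feed this from MFT or USN journal exports and correlate the host ordering with logon events, but the anchor-then-window logic is the same.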
Progent has provided online and on-premises IT services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants.) Progent also offers expertise in financial and Enterprise Resource Planning applications. This broad array of expertise allows Progent to identify the undamaged parts of your network following a ransomware intrusion and rapidly reassemble them into an operational network. Progent has worked with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Albany
To learn more about how Progent can help your Albany organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.