Progent's Ransomware Forensics and Reporting in Albany
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and carry out a comprehensive forensics analysis without impeding activity required for business resumption and data restoration. Your Albany business can utilize Progent's ransomware forensics report to combat future ransomware attacks, assist in the cleanup of lost data, and comply with insurance carrier and governmental reporting requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware attack's storyline across the network from beginning to end. This audit trail of how a ransomware assault travelled through the network helps your IT staff evaluate the damage and uncovers gaps in policies or processes that need to be corrected to prevent future breaches. Forensics is commonly assigned a high priority by the insurance provider and is often required by state and industry regulations. Since forensics can take time, it is critical that other important recovery processes such as operational resumption are pursued concurrently. Progent has a large roster of IT and data security professionals with the knowledge and experience needed to perform the work of containment, business continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is arduous and requires close cooperation with the teams assigned to file cleanup and, if needed, payment discussions with the ransomware threat actor. Forensics can involve the review of logs, the registry, GPOs, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for anomalies.
Services associated with forensics include:
- Isolate all potentially impacted devices from the network without powering them off. This can require closing all RDP ports and Internet-facing network-attached storage, changing administrator credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Preserve forensically complete images of all suspect devices so that the file recovery team can proceed
- Preserve firewall, VPN, and other critical logs as soon as possible
- Identify the version of ransomware involved in the attack
- Survey each machine and data store on the system as well as cloud storage for signs of compromise
- Catalog all encrypted devices
- Determine the kind of ransomware used in the attack
- Study logs and user sessions to determine the time frame of the ransomware attack and to identify any possible lateral movement from the first infected machine
- Identify the security gaps exploited to perpetrate the ransomware attack
- Look for new executables near the first encrypted files or the initial system compromise
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs embedded in messages and check to see whether they are malicious
- Produce extensive attack documentation to meet your insurance carrier and compliance requirements
- Document recommended improvements to close cybersecurity gaps and enforce workflows that reduce the risk of a future ransomware exploit
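As an added illustration of the timeline and lateral-movement steps above (not Progent's own tooling), the following Python triage sketch derives the attack window from the modification times of encrypted files, picks the first infected host, and flags RDP logons (event 4624, logon type 10) originating from that host inside the window. All file entries and log records are constructed sample data; the ".locked" extension and host names are placeholders.

```python
from datetime import datetime, timedelta

# Constructed inventory of encrypted files found during triage:
# (host, path, last-modified time). ".locked" is a placeholder extension.
ENCRYPTED_FILES = [
    ("FS01", r"\\FS01\share\q3.xlsx.locked", "2024-03-02T02:14:00"),
    ("WS17", r"C:\Users\jdoe\Documents\notes.docx.locked", "2024-03-02T01:52:00"),
    ("FS02", r"\\FS02\share\plan.pdf.locked", "2024-03-02T02:31:00"),
]

# Constructed Windows Security log extract, event 4624 with logon type 10 (RDP):
# (time, destination host, source workstation or IP, account)
RDP_LOGONS = [
    ("2024-03-01T23:40:00", "WS17", "203.0.113.9", "jdoe"),
    ("2024-03-02T01:58:00", "FS01", "WS17", "svc_backup"),
    ("2024-03-02T02:20:00", "FS02", "WS17", "svc_backup"),
    ("2024-03-02T09:05:00", "WS03", "WS17", "jdoe"),  # outside the window
]


def parse(ts):
    return datetime.fromisoformat(ts)


def attack_window(files):
    """Return (first_time, last_time, first_host) from encrypted-file mtimes.
    The earliest encrypted file marks the likely patient-zero host."""
    ordered = sorted(files, key=lambda f: parse(f[2]))
    return parse(ordered[0][2]), parse(ordered[-1][2]), ordered[0][0]


def lateral_movement(logons, first_host, start, end, slack_hours=1):
    """RDP logons sourced from the first infected host, from shortly before
    the first encryption until the last encryption, in time order."""
    lo = start - timedelta(hours=slack_hours)
    hits = [(t, dst, acct) for t, dst, src, acct in logons
            if src == first_host and lo <= parse(t) <= end]
    return sorted(hits)


def summarize(files=ENCRYPTED_FILES, logons=RDP_LOGONS):
    """Catalog of encrypted hosts plus the derived timeline for the report."""
    start, end, first_host = attack_window(files)
    return {
        "encrypted_hosts": sorted({h for h, _, _ in files}),
        "first_encryption": start.isoformat(),
        "last_encryption": end.isoformat(),
        "first_host": first_host,
        "lateral_rdp": lateral_movement(logons, first_host, start, end),
    }
```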
Progent has provided remote and on-premises network services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned prestigious certifications including CISM, CISSP, and GIAC. (Refer to certifications earned by Progent consultants.) Progent also has top-tier support in financial and ERP applications. This scope of expertise gives Progent the ability to salvage and consolidate the undamaged pieces of your information system following a ransomware intrusion and rebuild them rapidly into a viable system. Progent has worked with top cyber insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Albany
To find out more information about how Progent can help your Albany business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.