Overview of Progent's Ransomware Forensics and Reporting Services in Albany
Progent's ransomware forensics consultants can save the evidence of a ransomware attack and perform a comprehensive forensics analysis without slowing down the processes related to operational continuity and data restoration. Your Albany organization can use Progent's forensics documentation to counter subsequent ransomware attacks, assist in the restoration of encrypted data, and meet insurance and governmental mandates.
Ransomware forensics is aimed at determining and describing the ransomware assault's progress throughout the targeted network from start to finish. This audit trail of the way a ransomware attack travelled through the network helps your IT staff to evaluate the damage and uncovers shortcomings in security policies or work habits that need to be rectified to prevent future breaches. Forensics is commonly assigned a top priority by the insurance provider and is typically mandated by government and industry regulations. Because forensics can be time consuming, it is essential that other key activities such as business resumption are performed concurrently. Progent maintains an extensive roster of IT and data security professionals with the knowledge and experience required to perform the work of containment, business continuity, and data recovery without disrupting forensics.
Ransomware forensics investigation is time consuming and calls for close cooperation with the teams responsible for data cleanup and, if needed, settlement talks with the ransomware Threat Actor (TA). Ransomware forensics typically requires the review of all logs, the registry, GPOs, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to check for anomalies.
Services associated with forensics investigation include:
- Isolate all potentially compromised devices from the network, but avoid shutting them down. This can involve closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to protect backups.
- Capture forensically valid duplicates of all exposed devices so the data recovery group can proceed
- Preserve firewall, VPN, and other critical logs as quickly as possible
- Identify the ransomware variant used in the attack
- Survey every computer and data store on the network as well as cloud-hosted storage for indications of encryption
- Catalog all compromised devices
- Determine the type of ransomware used in the attack
- Review log activity and sessions in order to determine the time frame of the ransomware assault and to spot any potential lateral movement from the first compromised system
- Understand the attack vectors exploited to carry out the ransomware assault
- Search for new executables associated with the first encrypted files or system breach
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in email messages and check whether they are malicious
- Provide extensive attack reporting to meet your insurance carrier and compliance regulations
- Suggest recommended improvements to shore up cybersecurity vulnerabilities and enforce processes that reduce the risk of a future ransomware exploit
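The log review step above (establishing the attack time frame and tracing lateral movement from the first compromised system) can be illustrated with a small timeline walk. This is an added example and not Progent's own tooling: it assumes a constructed CSV export of Windows Security event 4624 (successful logon) records and a hypothetical host-to-IP inventory, and chains each logon whose source IP belongs to an already-compromised host.

```python
import csv
import io
from datetime import datetime

# Constructed sample: event 4624 records flattened to CSV.
# Logon type 10 = RemoteInteractive (RDP); type 3 = network (shares, WMI, PsExec-style).
SAMPLE_LOG = """\
time,event_id,computer,logon_type,user,source_ip
2024-03-01T01:58:10,4624,FS01,3,backup-svc,10.0.0.50
2024-03-01T02:03:11,4624,WS17,10,jdoe,203.0.113.7
2024-03-01T02:15:40,4624,FS01,10,jdoe,10.0.0.17
2024-03-01T02:20:05,4624,DC01,3,admin,10.0.0.17
2024-03-01T02:41:22,4624,HR-APP,10,admin,10.0.0.21
2024-03-01T03:05:00,4624,WS22,10,mallory,10.0.0.99
"""

# Hypothetical asset inventory: hostname -> internal IP (constructed for this example).
HOST_IPS = {"WS17": "10.0.0.17", "FS01": "10.0.0.21", "DC01": "10.0.0.30", "HR-APP": "10.0.0.40"}


def parse_logons(text):
    """Keep only successful RDP/network logons and return them in time order."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        if r["event_id"] != "4624" or r["logon_type"] not in ("3", "10"):
            continue
        rows.append({**r, "time": datetime.fromisoformat(r["time"])})
    return sorted(rows, key=lambda r: r["time"])


def trace_lateral_movement(events, patient_zero, host_ips):
    """Walk events chronologically. A logon whose source IP maps to a host already in
    the compromised set extends that set; the attack window runs from the first logon
    to patient zero from a non-inventoried (external) address to the last hop."""
    ip_to_host = {ip: host for host, ip in host_ips.items()}
    compromised = {patient_zero}
    hops, first_access = [], None
    for ev in events:
        src, dst = ip_to_host.get(ev["source_ip"]), ev["computer"]
        if first_access is None and dst == patient_zero and src is None:
            first_access = ev["time"]  # initial access from outside the inventory
        elif src in compromised and dst not in compromised:
            compromised.add(dst)
            hops.append((ev["time"], src, dst, ev["user"], ev["logon_type"]))
    last = hops[-1][0] if hops else first_access
    return {"hops": hops, "compromised": compromised, "window": (first_access, last)}


if __name__ == "__main__":
    result = trace_lateral_movement(parse_logons(SAMPLE_LOG), "WS17", HOST_IPS)
    for when, src, dst, user, ltype in result["hops"]:
        print(f"{when.isoformat()}  {src} -> {dst}  user={user} logon_type={ltype}")
    print("attack window:", result["window"])
```

Hosts reached only from addresses outside the chain (such as the WS22 logon in the sample) are left for separate review rather than assumed compromised.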
Progent's Background
Progent has provided remote and on-premises IT services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants.) Progent also has expertise in financial and Enterprise Resource Planning application software. This breadth of expertise gives Progent the ability to identify and consolidate the undamaged parts of your network following a ransomware assault and rebuild them rapidly into a viable system. Progent has collaborated with leading cyber insurance carriers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Albany
To find out more about ways Progent can assist your Albany business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.