Progent's Ransomware Forensics and Reporting in Austin
Progent's ransomware forensics consultants can capture the evidence of a ransomware assault and perform a detailed forensics investigation without slowing down the processes related to operational resumption and data recovery. Your Austin business can utilize Progent's post-attack ransomware forensics report to counter subsequent ransomware attacks, validate the recovery of lost data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics involves discovering and documenting the ransomware attack's progress throughout the targeted network from beginning to end. This history of how a ransomware assault progressed within the network helps you to assess the damage and uncovers shortcomings in rules or processes that should be corrected to avoid future break-ins. Forensic analysis is usually given a top priority by the cyber insurance provider and is typically mandated by government and industry regulations. Because forensics can take time, it is critical that other key activities like business resumption are executed concurrently. Progent has an extensive team of information technology and data security experts with the skills needed to perform activities for containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics analysis is time-consuming and calls for close cooperation with the teams focused on file recovery and, if necessary, settlement negotiation with the ransomware threat actor. Forensics can involve the examination of all logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS, routers, firewalls, schedulers, and basic Windows systems to detect variations.
Activities involved with forensics investigation include:
- Isolate all possibly suspect devices from the system without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring 2FA to protect backups.
- Make forensically complete duplicates of all suspect devices so your file restoration group can proceed
- Save firewall, virtual private network, and other key logs as soon as possible
- Establish the strain of ransomware involved in the attack
- Examine every computer and storage device on the network including cloud-hosted storage for indications of encryption
- Inventory all encrypted devices
- Establish the kind of ransomware used in the assault
- Study logs and sessions to establish the time frame of the ransomware assault and to identify any potential lateral movement from the originally infected machine
- Understand the security gaps used to carry out the ransomware attack
- Search for the creation of executables surrounding the original encrypted files or system breach
- Parse Outlook PST files
- Examine email attachments
- Extract URLs embedded in email messages and determine if they are malicious
- Produce comprehensive incident documentation to meet your insurance carrier and compliance requirements
- Document recommended improvements to close security vulnerabilities and enforce workflows that lower the risk of a future ransomware breach
Progent has provided online and onsite IT services across the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes professionals who have been awarded advanced certifications in core technology platforms such as Cisco infrastructure, VMware, and major Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and GIAC. Progent also has expertise in financial management and Enterprise Resource Planning applications. This broad array of expertise allows Progent to identify and integrate the surviving pieces of your network after a ransomware intrusion and reconstruct them quickly into an operational network. Progent has collaborated with top cyber insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Austin
To find out more about how Progent can assist your Austin organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.