Overview of Progent's Ransomware Forensics Investigation and Reporting in Austin
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and perform a detailed forensics investigation without impeding activity related to business continuity and data restoration. Your Austin organization can utilize Progent's post-attack ransomware forensics report to combat subsequent ransomware attacks, validate the cleanup of encrypted data, and meet insurance carrier and regulatory mandates.
Ransomware forensics investigation involves tracking and documenting the ransomware assault's storyline across the network from start to finish. This audit trail of how the attack progressed through the network helps your IT staff evaluate the impact and highlights shortcomings in rules or processes that should be rectified to avoid future breaches. Forensics is usually given a top priority by the cyber insurance provider and is often required by state and industry regulations. Because forensics can be time consuming, it is critical that other key recovery processes such as operational continuity are performed concurrently. Progent maintains a large team of information technology and data security experts with the knowledge and experience needed to carry out containment, operational resumption, and data restoration without disrupting forensics.
Ransomware forensics is arduous and calls for close interaction with the teams responsible for data cleanup and, if necessary, payment discussions with the ransomware attacker. A ransomware forensics investigation typically involves examining all logs, the registry, GPOs, Active Directory, DNS, routers, firewalls, schedulers, and core Windows components for unexpected changes.
Activities involved with forensics investigation include:
- Isolate, without powering off, all possibly affected devices from the network; powering down destroys memory-resident evidence. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing 2FA to protect your backups.
- Capture forensically sound images of all suspect devices so that evidence is preserved while your file restoration team gets started
- Preserve firewall, VPN, and other critical logs as quickly as possible, before log rotation or the attacker's cleanup overwrites them
- Identify the ransomware family used in the assault
- Inspect each computer and data store on the network, as well as cloud storage, for indicators of compromise
- Catalog all compromised devices
- Study logs and user sessions to establish the timeline of the attack and to spot lateral movement from the first infected machine
- Understand the security gaps exploited to perpetrate the ransomware attack
- Look for executables created shortly before the first encrypted files or around the initial breach
- Parse Outlook PST files, analyze attachments, and extract URLs from messages to determine whether they are malicious, since phishing is a common initial vector
- Produce extensive attack documentation to meet your insurance carrier's requirements and compliance mandates
- List recommended improvements to close cybersecurity gaps and enforce processes that lower the exposure to future ransomware exploits
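The timeline, lateral-movement and executable-staging steps above can be demonstrated over a handful of log entries. The following is an added example, not Progent's tooling or any code from the page: it parses a constructed log of Windows RDP logons (event 4624, logon type 10) and file-creation events, orders them into a timeline, separates the initial entry from an outside address from internal RDP hops, finds the first encrypted file, and lists executables dropped on that host shortly beforehand. The hostnames, user, paths, the ".locked" suffix and the 30-minute window are assumptions made for illustration.

```python
"""Attack-timeline reconstruction over constructed sample events.

Added example, not Progent's tooling. Hosts, users, paths and the
".locked" suffix are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

ENCRYPTED_SUFFIXES = (".locked",)            # assumption: suffix the sample ransomware appends
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".ps1", ".bat")
STAGING_WINDOW = timedelta(minutes=30)       # how far before first encryption to look for dropped binaries
RDP_LOGON_TYPE = 10                          # Windows event 4624 logon type 10 = RemoteInteractive (RDP)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str            # "logon" or "file_create"
    user: str = ""
    src: str = ""        # source host or IP of a logon
    logon_type: int = 0
    path: str = ""


def parse_line(line: str) -> Event:
    """Parse one line of the constructed 'ts host kind k=v ...' format (no spaces in values)."""
    ts, host, kind, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return Event(ts=datetime.fromisoformat(ts), host=host, kind=kind,
                 user=kv.get("user", ""), src=kv.get("src", ""),
                 logon_type=int(kv.get("type", "0")), path=kv.get("path", ""))


# Constructed sample data: an RDP entry from an external address, a dropper staged on
# the workstation, RDP hops to a file server and a domain controller, then encryption.
SAMPLE_LOG = r"""
2024-03-02T01:12:05 WS01 logon user=jdoe src=203.0.113.45 type=10
2024-03-02T01:20:31 WS01 file_create path=C:\Users\jdoe\AppData\Local\Temp\svc.exe
2024-03-02T01:25:10 FS01 logon user=jdoe src=WS01 type=10
2024-03-02T01:27:44 FS01 file_create path=C:\Windows\Temp\enc.exe
2024-03-02T01:30:02 FS01 file_create path=D:\Shares\Finance\budget.xlsx.locked
2024-03-02T01:31:15 DC01 logon user=jdoe src=FS01 type=10
2024-03-02T01:40:00 FS01 file_create path=D:\Shares\Finance\README.txt
""".strip().splitlines()


def build_timeline(lines: List[str]) -> List[Event]:
    """Events in chronological order; logs collected from several hosts arrive unordered."""
    return sorted((parse_line(l) for l in lines), key=lambda e: e.ts)


def first_encryption(timeline: List[Event]) -> Optional[Event]:
    """Earliest file creation that carries the ransomware's extension."""
    return next((e for e in timeline if e.kind == "file_create"
                 and e.path.lower().endswith(ENCRYPTED_SUFFIXES)), None)


def staged_executables(timeline: List[Event], anchor: Event,
                       window: timedelta = STAGING_WINDOW) -> List[Event]:
    """Executables written on the same host shortly before the first encrypted file."""
    return [e for e in timeline
            if e.kind == "file_create" and e.host == anchor.host
            and e.path.lower().endswith(EXECUTABLE_SUFFIXES)
            and anchor.ts - window <= e.ts < anchor.ts]


def rdp_hops(timeline: List[Event]) -> Tuple[Optional[Event], List[Event]]:
    """Split RDP logons into the initial entry (source outside the known host set)
    and lateral moves (source is another host seen in the timeline)."""
    known = {e.host for e in timeline}
    rdp = [e for e in timeline if e.kind == "logon" and e.logon_type == RDP_LOGON_TYPE]
    entry = next((e for e in rdp if e.src not in known), None)
    lateral = [e for e in rdp if e.src in known]
    return entry, lateral


def summarize(lines: List[str]) -> Dict[str, object]:
    """Condensed findings suitable for the narrative section of a forensics report."""
    tl = build_timeline(lines)
    enc = first_encryption(tl)
    entry, lateral = rdp_hops(tl)
    return {
        "initial_access": f"{entry.src} -> {entry.host} as {entry.user} at {entry.ts:%H:%M:%S}" if entry else None,
        "lateral_movement": [f"{e.src} -> {e.host} as {e.user} at {e.ts:%H:%M:%S}" for e in lateral],
        "first_encrypted_file": enc.path if enc else None,
        "staged_executables": [e.path for e in staged_executables(tl, enc)] if enc else [],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample data the summary attributes initial access to the external address, records two internal RDP hops (WS01 to FS01, FS01 to DC01) under the same account, and flags enc.exe on FS01 as the binary staged before encryption began; svc.exe on WS01 falls outside the same-host rule and would be picked up by widening the check to every host, which is the usual next step once the first infected machine is known.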
Progent's Qualifications
Progent has provided remote and onsite IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have earned high-level certifications in core technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned prestigious certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to Progent's certifications). Progent also offers guidance in financial and Enterprise Resource Planning software. This breadth of expertise allows Progent to salvage and consolidate the undamaged parts of your information system following a ransomware assault and reconstruct them quickly into a viable system. Progent has worked with leading cyber insurance providers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Austin
To find out more information about how Progent can assist your Austin business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.