Overview of Progent's Ransomware Forensics Investigation and Reporting in Austin
Progent's ransomware forensics consultants can save the system state after a ransomware attack and perform a detailed forensics investigation without impeding the processes related to operational continuity and data restoration. Your Austin organization can use Progent's post-attack forensics report to block future ransomware assaults, assist in the recovery of encrypted data, and comply with insurance carrier and governmental reporting requirements.
Ransomware forensics involves tracking and documenting the ransomware attack's storyline throughout the targeted network from start to finish. This history of how a ransomware attack progressed within the network helps you evaluate the impact and uncovers weaknesses in policies or processes that should be corrected to prevent future break-ins. Forensics is usually given top priority by the insurance provider and is often required by state and industry regulations. Since forensic analysis can be time-consuming, it is vital that other important activities such as business resumption are executed in parallel. Progent has a large team of IT and data security professionals with the knowledge and experience required to perform the work of containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is arduous and requires close cooperation with the groups focused on file recovery and, if needed, payment talks with the ransomware hacker. Forensics typically involves examining all logs, the registry, Group Policy Objects, AD, DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for changes.
Activities involved with forensics analysis include:
- Disconnect all possibly impacted devices from the network without shutting them off. This may involve closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to guard backups.
- Copy forensically sound images of all exposed devices so your file restoration team can proceed
- Preserve firewall, VPN, and additional key logs as quickly as possible
- Identify the type of ransomware used in the assault
- Survey every machine and data store on the system as well as cloud-hosted storage for indications of compromise
- Inventory all encrypted devices
- Review log activity and sessions in order to determine the time frame of the attack and to spot any possible lateral movement from the first infected system
- Identify the security gaps exploited to carry out the ransomware assault
- Look for newly created executables associated with the original encrypted files or the network compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs from email messages and determine whether they are malicious
- Provide extensive attack documentation to satisfy your insurance carrier and compliance requirements
- Document recommended improvements to shore up cybersecurity gaps and improve processes that lower the exposure to a future ransomware breach
Progent has delivered remote and on-premises network services across the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes professionals who have earned high-level certifications in foundation technologies such as Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and CRISC. Progent also offers top-tier support in financial management and Enterprise Resource Planning software. This broad array of expertise gives Progent the ability to identify and consolidate the surviving pieces of your IT environment after a ransomware intrusion and rebuild them quickly into a viable system. Progent has worked with leading cyber insurance carriers like Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Austin
To learn more about ways Progent can assist your Austin business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.