Progent's Ransomware Forensics and Reporting Services in Anchorage
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and carry out a detailed forensics investigation without impeding the processes required for business continuity and data recovery. Your Anchorage business can use Progent's post-attack forensics documentation to counter subsequent ransomware attacks, assist in the cleanup of encrypted data, and comply with insurance carrier and governmental requirements.
Ransomware forensics involves tracking and documenting the ransomware attack's storyline throughout the network from beginning to end. This history of how a ransomware assault travelled through the network helps your IT staff assess the damage and highlights weaknesses in security policies or work habits that should be rectified to prevent future breaches. Forensic analysis is commonly assigned a high priority by the cyber insurance provider and is typically required by government and industry regulations. Since forensic analysis can be time consuming, it is vital that other key activities such as operational continuity are performed in parallel. Progent maintains a large team of IT and security professionals with the knowledge and experience needed to carry out the work of containment, business resumption, and data recovery without disrupting forensics.
Ransomware forensics is time consuming and requires close cooperation with the teams assigned to file recovery and, if necessary, payment negotiation with the ransomware Threat Actor (TA). Ransomware forensics typically involves reviewing logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to look for anomalies.
Services associated with forensics analysis include:
- Isolate all potentially impacted devices from the system without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to secure your backups.
- Preserve forensically sound duplicates of all exposed devices so the data restoration team can get started
- Preserve firewall, virtual private network, and other key logs as soon as feasible
- Determine the kind of ransomware involved in the attack
- Examine every machine and data store on the network as well as cloud-hosted storage for indications of encryption
- Inventory all compromised devices
- Establish the type of ransomware used in the assault
- Review logs and sessions to determine the time frame of the assault and to identify any potential lateral movement from the originally infected machine
- Understand the attack vectors used to carry out the ransomware assault
- Look for new executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Examine attachments
- Extract URLs from email messages and check whether they are malicious
- Produce comprehensive incident reporting to satisfy your insurance and compliance mandates
- List recommendations to shore up cybersecurity gaps and improve workflows that reduce the risk of a future ransomware exploit
Progent's Background
Progent has provided online and on-premises network services across the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technology platforms including Cisco infrastructure, VMware, and popular Linux distros. Progent's data security consultants have earned industry-recognized certifications such as CISA, CISSP, and CRISC. Progent also offers top-tier support in financial management and Enterprise Resource Planning applications. This broad array of skills allows Progent to identify and integrate the undamaged parts of your IT environment following a ransomware assault and reconstruct them quickly into a viable system. Progent has worked with leading insurance providers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in Anchorage
To find out more about ways Progent can assist your Anchorage business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.