Overview of Progent's Ransomware Forensics Investigation and Reporting in Monterey
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and perform a detailed forensics analysis without disrupting activity required for operational continuity and data recovery. Your Monterey organization can use Progent's ransomware forensics documentation to counter subsequent ransomware attacks, assist in the restoration of encrypted data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics investigation is aimed at determining and describing the ransomware attack's storyline throughout the targeted network from beginning to end. This history of how a ransomware attack progressed within the network helps your IT staff assess the damage and brings to light vulnerabilities in security policies or processes that need to be rectified to prevent future break-ins. Forensic analysis is usually assigned a top priority by the insurance carrier and is typically mandated by government and industry regulations. Because forensics can be time-consuming, it is critical that other important activities such as operational continuity are performed in parallel. Progent maintains a large team of information technology and cybersecurity experts with the skills required to perform containment, operational continuity, and data restoration without disrupting forensics.
Ransomware forensics analysis is complicated and calls for close interaction with the teams assigned to data cleanup and, if needed, payment negotiations with the ransomware Threat Actor (TA). Ransomware forensics typically requires reviewing all logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to look for anomalies.
Services associated with forensics analysis include:
- Disconnect all potentially compromised devices from the network, but avoid powering them off. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and setting up 2FA to guard your backups.
- Preserve forensically complete images of all exposed devices so your data restoration team can proceed
- Save firewall, virtual private network, and other critical logs as quickly as feasible
- Establish the kind of ransomware used in the attack
- Inspect each computer and data store on the system including cloud-hosted storage for indications of compromise
- Catalog all compromised devices
- Study log activity and sessions to establish the timeline of the attack and to spot any lateral movement from the originally compromised system
- Understand the attack vectors used to carry out the ransomware attack
- Look for new executables associated with the original encrypted files or network breach
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs embedded in messages and determine whether they are malicious
- Produce extensive attack documentation to satisfy your insurance carrier and compliance regulations
- Recommend improvements to close security vulnerabilities and improve workflows in order to reduce the risk of a future ransomware attack
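The timeline and lateral-movement steps listed above, as an added example that is not Progent's code: it assumes successful-logon records have already been exported to one-line entries (a constructed sample is embedded below) and that the investigator names the initially compromised host.

```python
# Added example (not Progent's code): build an attack timeline from
# authentication records and trace lateral movement from the first
# compromised host. Assumes logs exported to one-line records with
# timestamp, logon type (10 = RDP, 3 = network), account, source, target.
from datetime import datetime

# Constructed sample records, not real data; deliberately not in time order.
SAMPLE_LOG = """\
2024-03-02T01:12:05 10 corp\\jsmith  203.0.113.7 WS-FIN-04
2024-03-02T01:40:51 3  corp\\jsmith  WS-FIN-04   FS-01
2024-03-02T02:03:17 10 corp\\svc_bak WS-FIN-04   DC-01
2024-03-02T02:15:44 3  corp\\svc_bak DC-01       FS-02
2024-03-02T09:00:02 10 corp\\admin   10.0.5.21   WS-HR-11
2024-03-02T00:30:00 3  corp\\bob     FS-02       WS-OPS-01
"""
LOGON_TYPES = {"3": "network", "10": "rdp"}


def parse_events(text):
    """Parse records into dicts, returned in chronological order."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ltype, account, source, target = line.split()
            events.append({"time": datetime.fromisoformat(ts),
                           "type": LOGON_TYPES.get(ltype, "other"),
                           "account": account, "source": source,
                           "target": target})
    return sorted(events, key=lambda e: e["time"])


def trace_lateral_movement(events, patient_zero):
    """Walk logons in time order; a hop src->dst counts only if src was
    already compromised at that moment. Returns {host: event that reached
    it} (None for patient zero); hosts outside the chain are left out."""
    reached = {patient_zero: None}
    for ev in events:
        if ev["source"] in reached and ev["target"] not in reached:
            reached[ev["target"]] = ev
    return reached


def timeline(reached):
    """Render the chain as ordered report lines."""
    hops = sorted(((ev, h) for h, ev in reached.items() if ev),
                  key=lambda x: x[0]["time"])
    return [f"{ev['time']:%Y-%m-%d %H:%M:%S} {ev['source']} -> {h} "
            f"via {ev['type']} as {ev['account']}" for ev, h in hops]


if __name__ == "__main__":
    chain = trace_lateral_movement(parse_events(SAMPLE_LOG), "WS-FIN-04")
    print("\n".join(timeline(chain)))
```

The 09:00 logon to WS-HR-11 and the 00:30 logon from FS-02 are left out of the chain: the first never connects to a compromised host, and the second happened before FS-02 was reached.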
Progent has provided remote and on-premises IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial management and ERP software. This broad array of skills allows Progent to identify and integrate the undamaged pieces of your information system after a ransomware intrusion and rebuild them rapidly into a functioning network. Progent has worked with leading insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Monterey
To learn more about ways Progent can assist your Monterey business with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.