Progent's Ransomware Forensics Investigation and Reporting in Ontario
Progent's ransomware forensics consultants can capture the evidence of a ransomware attack and perform a detailed forensics investigation without disrupting the processes required for operational resumption and data restoration. Your Ontario organization can use Progent's forensics report to block future ransomware attacks, assist in the cleanup of encrypted data, and comply with insurance and governmental requirements.
Ransomware forensics investigation is aimed at tracking and documenting the progression of the ransomware attack across the network from beginning to end. This audit trail of how the attack moved through the network helps your IT staff evaluate the impact and brings to light shortcomings in policies or processes that must be corrected to prevent future intrusions. Forensic analysis is commonly given a high priority by the cyber insurance provider and is often mandated by government and industry regulations. Since forensics can be time consuming, it is essential that other important activities such as business continuity are carried out concurrently. Progent maintains a large team of IT and cybersecurity experts with the skills required to perform containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics is arduous and calls for close coordination with the groups responsible for data restoration and, if needed, payment negotiation with the ransomware Threat Actor (TA). Forensics typically requires the review of all logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes.
Activities involved with forensics analysis include:
- Disconnect all potentially compromised devices from the network without powering them off, so that volatile evidence is preserved. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing administrator credentials and user passwords, and enabling two-factor authentication (2FA) to protect backups.
- Preserve forensically complete images of all suspect devices so the file recovery team can proceed.
- Save firewall, virtual private network (VPN), and other critical logs as soon as feasible.
- Identify the ransomware variant used in the attack.
- Inspect every computer and data store on the network as well as cloud storage for indications of compromise
- Inventory all compromised devices
- Study log activity and sessions to establish the timeline of the attack and to identify any lateral movement from the first infected machine.
- Understand the attack vectors exploited to carry out the ransomware attack.
- Search for executables created around the time of the first encrypted files or the initial network compromise.
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from messages and check whether they point to malware.
- Produce detailed incident reporting to meet your insurance carrier and compliance requirements
- List recommendations to close security gaps and improve workflows in order to lower the risk of a future ransomware attack.
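The timeline, lateral-movement, executable-creation and URL-triage steps above are the kind of analysis a forensics team automates over exported logs. The following script is an added illustration of those steps, not Progent's own tooling: the log format, host names, IP addresses, file paths, the ".locked" extension, the e-mail body and the blocklist are all constructed for this example, and a real investigation would run the same logic over Windows Security event exports and firewall or VPN logs.

```python
"""Reconstruct a ransomware timeline from constructed incident logs (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <host> <event> key=value ..." (no spaces in values).
SAMPLE_LOG = r"""
2024-03-01T08:02:10 WS-17 LOGON user=jdoe src=10.0.5.17 type=interactive
2024-03-01T08:05:44 WS-17 FILE_CREATE path=C:\Users\jdoe\AppData\Local\Temp\update.exe
2024-03-01T08:06:01 WS-17 PROCESS_START image=C:\Users\jdoe\AppData\Local\Temp\update.exe
2024-03-01T08:09:30 FS-01 LOGON user=jdoe src=10.0.5.17 type=rdp
2024-03-01T08:09:55 FS-01 FILE_CREATE path=C:\Windows\Temp\svc.exe
2024-03-01T08:10:12 DC-01 LOGON user=jdoe src=10.0.5.17 type=rdp
2024-03-01T08:14:00 FS-01 FILE_RENAME path=D:\Shares\Finance\Q1.xlsx.locked
2024-03-01T08:14:03 FS-01 FILE_RENAME path=D:\Shares\Finance\Q2.xlsx.locked
2024-03-01T08:20:00 WS-03 LOGON user=asmith src=10.0.5.3 type=interactive
"""
# Constructed phishing e-mail body used for URL triage.
SAMPLE_EMAIL = ("Please review https://invoice-portal.example.net/dl/inv.exe today "
                "and see http://intranet.example.com/policy for details.")

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) (?P<detail>.*)$")
ENCRYPTED_SUFFIX = ".locked"          # constructed extension for this example
URL_RE = re.compile(r"https?://[^\s<>\"']+")
KNOWN_BAD_HOSTS = {"invoice-portal.example.net"}   # stands in for a threat-intel lookup

def parse_log(text):
    """Parse log lines into dicts sorted by timestamp; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["detail"].split() if "=" in kv)
        events.append({"ts": datetime.fromisoformat(m["ts"]),
                       "host": m["host"], "event": m["event"], **fields})
    return sorted(events, key=lambda e: e["ts"])

def first_encryption(events):
    """The earliest rename to the ransomware extension marks the start of encryption."""
    for e in events:
        if e["event"] == "FILE_RENAME" and e.get("path", "").lower().endswith(ENCRYPTED_SUFFIX):
            return e
    return None

def executables_before(events, anchor, window=timedelta(minutes=15)):
    """Executables written in the window leading up to the anchor event."""
    lo = anchor["ts"] - window
    return [(e["ts"], e["host"], e["path"]) for e in events
            if e["event"] == "FILE_CREATE" and e.get("path", "").lower().endswith(".exe")
            and lo <= e["ts"] <= anchor["ts"]]

def lateral_movement(events, src_ip):
    """Hosts reached by remote (RDP) logons from src_ip, in order of first contact."""
    seen, hosts = set(), []
    for e in events:
        if (e["event"] == "LOGON" and e.get("type") == "rdp"
                and e.get("src") == src_ip and e["host"] not in seen):
            seen.add(e["host"])
            hosts.append(e["host"])
    return hosts

def build_timeline(text):
    """Tie the steps together: first encryption, patient zero, dropped binaries, spread."""
    events = parse_log(text)
    enc = first_encryption(events)
    exes = executables_before(events, enc) if enc else []
    patient_zero = exes[0][1] if exes else None      # host of the earliest dropped binary
    # The workstation's IP is taken from its own logon record (assumption of this example).
    src_ip = next((e.get("src") for e in events
                   if e["host"] == patient_zero and e["event"] == "LOGON"), None)
    return {"first_encryption": enc["ts"] if enc else None,
            "patient_zero": patient_zero,
            "suspect_executables": exes,
            "lateral_hosts": lateral_movement(events, src_ip) if src_ip else []}

def triage_urls(email_body):
    """Extract URLs from a message and flag those whose host is on the blocklist."""
    results = []
    for url in URL_RE.findall(email_body):
        host = url.split("://", 1)[1].split("/", 1)[0].lower()
        results.append((url, host in KNOWN_BAD_HOSTS))
    return results

if __name__ == "__main__":
    import json
    print(json.dumps(build_timeline(SAMPLE_LOG), default=str, indent=2))
    print(triage_urls(SAMPLE_EMAIL))
```

Running the script on the constructed log places the first encryption on FS-01 at 08:14:00, names WS-17 as patient zero because the earliest executable drop is there, lists the two binaries written in the preceding fifteen minutes, and shows the RDP hops from WS-17 to FS-01 and then DC-01; the URL triage flags the blocklisted download link and clears the intranet link. The fixed window and the single blocklist are simplifications; in practice the window is widened until the initial-access event is found and the URL check goes to a threat-intelligence service.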
Progent has delivered online and on-premises network services across the United States for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's data security consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and ERP application software. This breadth of skills allows Progent to salvage and consolidate the undamaged pieces of your information system after a ransomware intrusion and reconstruct them quickly into an operational system. Progent has collaborated with top cyber insurance providers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Ontario
To find out more about how Progent can help your Ontario organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.