Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Ontario
Progent's ransomware forensics consultants can capture the system state after a ransomware attack and perform a comprehensive forensics analysis without disrupting the processes required for operational continuity and data restoration. Your Ontario business can use Progent's post-attack forensics documentation to counter future ransomware attacks, validate the restoration of encrypted data, and comply with insurance and governmental reporting requirements.
Ransomware forensics analysis involves determining and describing the ransomware attack's storyline across the targeted network from start to finish. This history of the way a ransomware assault progressed through the network helps your IT staff to assess the damage and brings to light shortcomings in policies or work habits that need to be corrected to avoid later breaches. Forensics is usually assigned a high priority by the insurance provider and is typically mandated by government and industry regulations. Since forensic analysis can be time consuming, it is vital that other key activities such as operational resumption are executed in parallel. Progent maintains an extensive team of information technology and cybersecurity experts with the knowledge and experience needed to carry out activities for containment, business resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics investigation is arduous and calls for close cooperation with the teams assigned to file recovery and, if needed, settlement discussions with the ransomware hacker. Forensics typically requires the examination of logs, registry, GPO, AD, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for anomalies.
Activities involved with forensics include:
- Detach all potentially impacted devices from the network, but avoid shutting them off. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and setting up two-factor authentication to secure backups.
- Capture forensically sound images of all exposed devices so the data recovery team can proceed
- Preserve firewall, virtual private network, and other critical logs as quickly as possible
- Identify the type of ransomware involved in the attack
- Survey each computer and storage device on the network including cloud-hosted storage for indications of encryption
- Inventory all encrypted devices
- Establish the type of ransomware involved in the attack
- Study log activity and user sessions in order to establish the timeline of the assault and to identify any potential lateral movement from the originally infected machine
- Identify the attack vectors exploited to carry out the ransomware attack
- Look for new executables associated with the first encrypted files or network breach
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Produce extensive attack reporting to meet your insurance and compliance regulations
- List recommended improvements to shore up cybersecurity gaps and improve processes that lower the risk of a future ransomware breach
Progent's Qualifications
Progent has delivered remote and onsite network services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes professionals who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned prestigious certifications including CISA, CISSP, and CRISC. (See Progent's certifications). Progent also has top-tier support in financial management and ERP application software. This scope of expertise gives Progent the ability to identify and integrate the surviving pieces of your network after a ransomware intrusion and reconstruct them quickly into a functioning network. Progent has worked with top cyber insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in Ontario
To find out more about how Progent can assist your Ontario organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.