Progent's Ransomware Forensics Analysis and Reporting in Ontario
Progent's ransomware forensics experts can save the system state after a ransomware attack and perform a detailed forensics investigation without impeding activity required for operational resumption and data recovery. Your Ontario organization can use Progent's post-attack forensics report to counter future ransomware attacks, assist in the cleanup of lost data, and meet insurance and regulatory reporting requirements.
Ransomware forensics analysis involves determining and describing the ransomware attack's storyline across the targeted network from start to finish. This audit trail of the way a ransomware attack travelled through the network helps you evaluate the damage and highlights vulnerabilities in security policies or work habits that need to be rectified to avoid later breaches. Forensic analysis is commonly given a high priority by the insurance provider and is often mandated by state and industry regulations. Because forensics can be time consuming, it is essential that other key activities such as business resumption are performed in parallel. Progent maintains a large roster of IT and data security professionals with the knowledge and experience needed to perform the work of containment, business resumption, and data restoration without interfering with forensics.
Ransomware forensics analysis is time consuming and calls for close interaction with the groups assigned to file restoration and, if needed, settlement talks with the ransomware Threat Actor (TA). Forensics can require the examination of all logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and basic Windows systems to detect anomalies.
Activities involved with forensics investigation include:
- Isolate all potentially suspect devices from the network without shutting them down. This may involve closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and setting up 2FA to protect your backups.
- Create forensically complete images of all suspect devices so the data recovery group can proceed
- Save firewall, virtual private network, and other key logs as quickly as possible
- Determine the strain of ransomware used in the attack
- Inspect every computer and storage device on the network including cloud storage for signs of encryption
- Inventory all compromised devices
- Establish the type of ransomware involved in the attack
- Review log activity and sessions in order to establish the timeline of the ransomware assault and to spot any potential lateral movement from the originally compromised system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for new executables surrounding the first encrypted files or network compromise
- Parse Outlook PST files
- Examine email attachments
- Extract URLs embedded in messages and check to see if they are malicious
- Provide detailed attack documentation to satisfy your insurance carrier and compliance requirements
- List recommendations to close cybersecurity vulnerabilities and improve processes that lower the risk of a future ransomware breach
Progent has delivered remote and onsite network services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes consultants who have earned high-level certifications in core technologies such as Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP, and CRISC. Progent also offers guidance in financial management and Enterprise Resource Planning application software. This broad array of expertise gives Progent the ability to identify and integrate the surviving parts of your information system after a ransomware assault and rebuild them quickly into an operational system. Progent has worked with leading insurance providers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Ontario
To learn more about how Progent can help your Ontario business with ransomware forensics analysis, call 1-800-993-9400 or see Contact Progent.