Overview of Progent's Ransomware Forensics and Reporting Services in Ontario
Progent's ransomware forensics experts can save the system state after a ransomware assault and perform a detailed forensics investigation without interfering with the processes required for operational resumption and data recovery. Your Ontario business can use Progent's post-attack ransomware forensics report to combat subsequent ransomware attacks, assist in the recovery of encrypted data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics investigation is aimed at tracking and describing the ransomware assault's storyline across the targeted network from beginning to end. This audit trail of the way a ransomware attack travelled through the network helps your IT staff to evaluate the impact and brings to light weaknesses in rules or processes that should be corrected to prevent later breaches. Forensics is typically given a high priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Since forensics can take time, it is essential that other key recovery processes like business resumption are pursued concurrently. Progent has an extensive roster of information technology and data security professionals with the skills required to carry out activities for containment, operational continuity, and data restoration without interfering with forensic analysis.
Ransomware forensics investigation is complex and requires close cooperation with the teams focused on data recovery and, if needed, settlement talks with the ransomware Threat Actor (TA). Forensics can require the review of logs, registry, Group Policy Object (GPO), Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to look for anomalies.
Services associated with forensics include:
- Disconnect all potentially suspect devices from the network, but avoid shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to secure your backups.
- Create forensically valid digital images of all exposed devices so your file recovery team can get started
- Save firewall, virtual private network, and other critical logs as quickly as feasible
- Establish the variety of ransomware used in the attack
- Examine each computer and data store on the network including cloud-hosted storage for indications of compromise
- Catalog all compromised devices
- Review logs and sessions in order to determine the timeline of the ransomware assault and to spot any potential lateral movement from the first compromised system
- Understand the security gaps exploited to carry out the ransomware assault
- Look for the creation of executables associated with the original encrypted files or system compromise
- Parse Outlook web archives
- Examine email attachments
- Separate any URLs from email messages and determine if they are malicious
- Provide extensive incident reporting to meet your insurance and compliance requirements
- Document recommendations to close security vulnerabilities and improve processes that reduce the exposure to a future ransomware exploit
Progent has provided online and on-premises network services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes consultants who have earned advanced certifications in core technology platforms including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications such as CISA, CISSP, and GIAC. Progent also offers top-tier support in financial management and ERP software. This broad array of expertise gives Progent the ability to salvage and integrate the surviving pieces of your IT environment after a ransomware attack and rebuild them rapidly into an operational system. Progent has worked with leading cyber insurance carriers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Services in Ontario
To learn more about ways Progent can help your Ontario business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.