Progent's Ransomware Forensics Investigation and Reporting Services in Ottawa
Progent's ransomware forensics consultants can capture the evidence of a ransomware attack and carry out a detailed forensics analysis without impeding the processes required for operational continuity and data restoration. Your Ottawa organization can utilize Progent's ransomware forensics documentation to combat subsequent ransomware attacks, validate the recovery of encrypted data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics involves determining and documenting the ransomware assault's progress throughout the network from start to finish. This history of how a ransomware assault progressed through the network helps your IT staff to evaluate the impact and highlights gaps in rules or processes that should be rectified to prevent future break-ins. Forensics is typically assigned a high priority by the cyber insurance provider and is often required by state and industry regulations. Since forensics can be time consuming, it is essential that other key recovery processes such as business resumption are executed concurrently. Progent has a large roster of IT and cybersecurity experts with the skills required to carry out the work of containment, business resumption, and data recovery without interfering with forensics.
Ransomware forensics is complicated and calls for close cooperation with the teams assigned to data cleanup and, if needed, payment discussions with the ransomware Threat Actor (TA). Ransomware forensics can require the review of logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes.
Services involved with forensics investigation include:
- Disconnect all possibly impacted devices from the network without shutting them off. This can involve closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and setting up 2FA to secure backups.
- Create forensically valid duplicates of all exposed devices so the file recovery team can proceed
- Preserve firewall, virtual private network, and other critical logs as quickly as possible
- Establish the strain of ransomware used in the attack
- Inspect each computer and data store on the network including cloud-hosted storage for signs of encryption
- Catalog all encrypted devices
- Establish the type of ransomware involved in the assault
- Review log activity and user sessions to establish the timeline of the ransomware assault and to spot any possible lateral movement from the first infected system
- Identify the attack vectors exploited to carry out the ransomware attack
- Search for new executables associated with the first encrypted files or network compromise
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs embedded in email messages and check to see if they are malicious
- Provide comprehensive incident reporting to meet your insurance and compliance requirements
- Document recommended improvements to shore up security vulnerabilities and improve processes that reduce the exposure to a future ransomware breach
Progent has provided remote and on-premises network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded high-level certifications in core technologies such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's data security experts have earned internationally recognized certifications including CISA, CISSP, and GIAC. Progent also offers guidance in financial management and Enterprise Resource Planning application software. This broad array of expertise allows Progent to salvage and integrate the surviving pieces of your network after a ransomware attack and reconstruct them quickly into an operational system. Progent has worked with top insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Ottawa
To learn more about ways Progent can assist your Ottawa business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.