Progent's Ransomware Forensics Investigation and Reporting Services in Ottawa
Progent's ransomware forensics experts can capture the system state after a ransomware assault and perform a comprehensive forensics analysis without slowing down the processes related to operational resumption and data restoration. Your Ottawa business can use Progent's post-attack forensics documentation to counter future ransomware attacks, validate the recovery of lost data, and meet insurance and regulatory reporting requirements.
Ransomware forensics investigation involves discovering and describing the ransomware attack's progress throughout the targeted network from beginning to end. This audit trail of how a ransomware attack travelled within the network helps your IT staff to assess the damage and highlights shortcomings in rules or work habits that should be rectified to avoid later breaches. Forensic analysis is usually assigned a top priority by the insurance provider and is often required by government and industry regulations. Because forensic analysis can take time, it is vital that other important activities like business continuity are performed in parallel. Progent maintains a large roster of information technology and data security experts with the knowledge and experience needed to perform the work of containment, business continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics is time-consuming and calls for close cooperation with the groups responsible for data restoration and, if needed, payment discussions with the ransomware hacker. Forensics typically involves examining all logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes.
Services involved with forensics analysis include:
- Isolate all potentially impacted devices from the system without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Capture forensically complete images of all exposed devices so the file restoration team can proceed
- Save firewall, virtual private network, and additional key logs as soon as feasible
- Establish the strain of ransomware used in the assault
- Inspect every computer and storage device on the network including cloud-hosted storage for signs of encryption
- Catalog all encrypted devices
- Establish the type of ransomware used in the attack
- Study logs and sessions to determine the timeline of the assault and to spot any possible lateral movement from the originally compromised machine
- Understand the attack vectors used to perpetrate the ransomware assault
- Look for the creation of executables associated with the first encrypted files or network breach
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Produce extensive incident documentation to satisfy your insurance and compliance requirements
- Document recommendations to shore up security gaps and enforce workflows that lower the risk of a future ransomware breach
Progent's Background
Progent has provided online and onsite network services throughout the United States for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes professionals who have been awarded high-level certifications in core technology platforms such as Cisco networking, VMware, and popular Linux distros. Progent's data security consultants have earned prestigious certifications including CISM, CISSP, and GIAC. Progent also offers guidance on financial and Enterprise Resource Planning applications. This broad array of skills allows Progent to salvage and integrate the surviving parts of your information system following a ransomware assault and reconstruct them quickly into a functioning network. Progent has collaborated with top insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Ottawa
To learn more about ways Progent can assist your Ottawa business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.