Overview of Progent's Ransomware Forensics and Reporting in Spartanburg
Progent's ransomware forensics experts can save the system state after a ransomware attack and carry out a comprehensive forensics analysis without interfering with the processes required for operational resumption and data restoration. Your Spartanburg organization can use Progent's post-attack ransomware forensics documentation to block future ransomware attacks, validate the restoration of encrypted data, and comply with insurance carrier and governmental requirements.
Ransomware forensics is aimed at tracking and documenting the ransomware assault's storyline across the targeted network from start to finish. This history of the way a ransomware assault progressed through the network helps you to evaluate the damage and brings to light shortcomings in rules or work habits that need to be corrected to avoid future breaches. Forensics is commonly assigned a top priority by the insurance provider and is often mandated by government and industry regulations. Because forensic analysis can take time, it is vital that other key activities such as business resumption are performed concurrently. Progent maintains a large team of IT and security experts with the knowledge and experience required to perform the work of containment, operational resumption, and data recovery without disrupting forensics.
Ransomware forensics investigation is complex and requires close cooperation with the groups responsible for file restoration and, if necessary, settlement discussions with the ransomware Threat Actor. Ransomware forensics typically involves the review of logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to detect anomalies.
Services associated with forensics investigation include:
- Isolate all potentially affected devices from the system, but avoid shutting them down. This may require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring 2FA to secure backups.
- Create forensically complete copies of all suspect devices so the data restoration team can get started
- Preserve firewall, VPN, and other key logs as soon as possible
- Establish the type of ransomware used in the assault
- Inspect every computer and data store on the network as well as cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Review log activity and sessions to establish the time frame of the attack and to identify any potential lateral movement from the originally compromised system
- Understand the security gaps used to perpetrate the ransomware attack
- Search for new executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs from messages and determine if they are malicious
- Produce detailed incident reporting to meet your insurance carrier and compliance requirements
- List recommendations to close security gaps and enforce workflows that reduce the exposure to a future ransomware exploit
Progent's Background
Progent has provided online and on-premises IT services across the United States for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded advanced certifications in foundation technology platforms including Cisco networking, VMware, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has expertise in financial management and ERP application software. This scope of skills gives Progent the ability to salvage and consolidate the undamaged parts of your information system after a ransomware assault and rebuild them rapidly into a functioning network. Progent has worked with leading insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Spartanburg
To learn more about how Progent can assist your Spartanburg business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.