Overview of Progent's Ransomware Forensics Analysis and Reporting in Rio de Janeiro
Progent's ransomware forensics experts can capture the evidence of a ransomware assault and perform a detailed forensics analysis without slowing down activity related to operational continuity and data restoration. Your Rio de Janeiro organization can utilize Progent's post-attack forensics report to block future ransomware assaults, assist in the cleanup of lost data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics involves tracking and documenting the ransomware attack's storyline across the network from beginning to end. This history of how a ransomware attack travelled through the network helps you to assess the impact and uncovers weaknesses in rules or work habits that should be rectified to avoid future break-ins. Forensics is commonly assigned a high priority by the cyber insurance provider and is often required by government and industry regulations. Because forensics can be time-consuming, it is vital that other key activities such as business resumption are executed concurrently. Progent maintains an extensive team of IT and data security experts with the knowledge and experience needed to perform the work of containment, business continuity, and data recovery without disrupting forensics.
Ransomware forensics is arduous and requires close cooperation with the teams responsible for data cleanup and, if needed, payment talks with the ransomware threat actor. Ransomware forensics typically involves the examination of logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Activities associated with forensics include:
- Isolate all potentially impacted devices from the system, but avoid shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to secure backups.
- Create forensically valid duplicates of all suspect devices so the data restoration group can proceed
- Preserve firewall, VPN, and other key logs as quickly as possible
- Determine the version of ransomware involved in the assault
- Examine each computer and storage device on the system including cloud-hosted storage for indications of encryption
- Catalog all encrypted devices
- Establish the kind of ransomware involved in the assault
- Study log activity and user sessions in order to establish the time frame of the attack and to identify any potential lateral migration from the first infected machine
- Identify the attack vectors used to carry out the ransomware assault
- Look for the creation of executables surrounding the first encrypted files or system compromise
- Parse Outlook web archives
- Examine attachments
- Extract any URLs from messages and determine whether they are malicious
- Provide comprehensive attack documentation to meet your insurance and compliance requirements
- List recommended improvements to close cybersecurity gaps and improve processes that lower the exposure to a future ransomware breach
Progent has delivered online and on-premises IT services across the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have been awarded high-level certifications in core technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications such as CISA, CISSP-ISSAP, and CRISC. Progent also offers guidance on financial and ERP software. This broad array of expertise allows Progent to identify and consolidate the surviving pieces of your information system after a ransomware intrusion and rebuild them quickly into a viable network. Progent has worked with top insurance carriers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in Rio de Janeiro
To find out more about ways Progent can assist your Rio de Janeiro organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.