Overview of Progent's Ransomware Forensics Analysis and Reporting in Santos
Progent's ransomware forensics consultants can save the evidence of a ransomware attack and perform a detailed forensics analysis without slowing down activity related to business continuity and data recovery. Your Santos organization can use Progent's forensics documentation to combat subsequent ransomware attacks, assist in the cleanup of encrypted data, and comply with insurance carrier and regulatory reporting requirements.
Ransomware forensics analysis is aimed at determining and documenting the ransomware attack's storyline across the network from start to finish. This history of the way a ransomware attack travelled within the network helps your IT staff to evaluate the impact and brings to light gaps in rules or processes that need to be corrected to prevent future break-ins. Forensic analysis is typically given a top priority by the cyber insurance carrier and is often required by government and industry regulations. Because forensics can take time, it is vital that other important recovery processes like business continuity are pursued in parallel. Progent has an extensive team of IT and cybersecurity professionals with the knowledge and experience needed to carry out the work of containment, business continuity, and data recovery without interfering with forensic analysis.
Ransomware forensics is complex and requires close cooperation with the groups assigned to file recovery and, if needed, payment negotiation with the ransomware Threat Actor. forensics can involve the review of logs, registry, Group Policy Object (GPO), Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to detect variations.
Activities associated with forensics investigation include:
- Disconnect but avoid shutting down all possibly affected devices from the system. This may involve closing all RDP ports and Internet facing NAS storage, modifying admin credentials and user passwords, and setting up 2FA to secure your backups.
- Capture forensically sound images of all suspect devices so the data recovery group can proceed
- Preserve firewall, virtual private network, and other critical logs as quickly as possible
- Establish the kind of ransomware used in the attack
- Examine every computer and storage device on the system as well as cloud storage for indications of encryption
- Inventory all encrypted devices
- Establish the type of ransomware used in the assault
- Study logs and sessions to establish the timeline of the ransomware assault and to identify any possible lateral migration from the first compromised system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the original encrypted files or system breach
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs from messages and check to see whether they are malware
- Provide extensive attack documentation to satisfy your insurance and compliance mandates
- Document recommendations to close security gaps and improve processes that lower the risk of a future ransomware breach
Progent's Background
Progent has provided online and onsite network services across the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications including CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also has guidance in financial and Enterprise Resource Planning application software. This broad array of skills allows Progent to salvage and integrate the surviving pieces of your network following a ransomware attack and rebuild them quickly into a viable network. Progent has worked with leading cyber insurance carriers like Chubb to assist organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Santos
To find out more about ways Progent can assist your Santos business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.