Progent's Ransomware Forensics and Reporting Services in Oklahoma City
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and carry out a detailed forensics analysis without impeding activity related to business resumption and data restoration. Your Oklahoma City business can use Progent's post-attack forensics documentation to counter future ransomware attacks, validate the cleanup of encrypted data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics involves determining and describing the ransomware assault's progress throughout the network from beginning to end. This audit trail of the way a ransomware attack travelled within the network helps your IT staff assess the damage and highlights gaps in policies or processes that need to be corrected to prevent later break-ins. Forensics is commonly assigned a high priority by the insurance carrier and is often mandated by government and industry regulations. Because forensics can be time consuming, it is essential that other important activities like business continuity are performed in parallel. Progent maintains an extensive roster of IT and security professionals with the knowledge and experience needed to perform activities for containment, business resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is complex and requires close cooperation with the teams focused on data recovery and, if necessary, payment discussions with the ransomware Threat Actor (TA). Ransomware forensics can involve the review of logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to detect anomalies.
Activities involved with forensics investigation include:
- Disconnect all potentially suspect devices from the system without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Preserve forensically complete digital images of all exposed devices so the data restoration group can get started
- Preserve firewall, virtual private network, and additional key logs as quickly as possible
- Determine the strain of ransomware involved in the assault
- Inspect every computer and storage device on the network including cloud-hosted storage for signs of compromise
- Catalog all compromised devices
- Establish the type of ransomware used in the assault
- Study log activity and sessions to establish the time frame of the attack and to spot any potential lateral movement from the originally compromised machine
- Identify the attack vectors used to perpetrate the ransomware assault
- Search for new executables surrounding the original encrypted files or system compromise
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs from email messages and check whether they are malicious
- Provide comprehensive attack documentation to satisfy your insurance carrier and compliance regulations
- Document recommended improvements to close security vulnerabilities and enforce processes that lower the exposure to a future ransomware breach
Progent's Background
Progent has provided online and on-premises network services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level certifications in foundation technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. Progent also provides guidance for financial and ERP application software. This broad array of expertise gives Progent the ability to salvage and integrate the undamaged parts of your network following a ransomware attack and reconstruct them rapidly into an operational system. Progent has collaborated with leading cyber insurance carriers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Oklahoma City
To find out more about how Progent can help your Oklahoma City business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.