Overview of Progent's Ransomware Forensics Analysis and Reporting in Reading
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and perform a comprehensive forensics investigation without disrupting the processes related to business resumption and data recovery. Your Reading organization can utilize Progent's forensics documentation to counter subsequent ransomware attacks, assist in the recovery of encrypted data, and comply with insurance carrier and regulatory mandates.
Ransomware forensics analysis involves determining and describing the ransomware assault's progress across the targeted network from beginning to end. This audit trail of how a ransomware attack progressed within the network helps your IT staff assess the impact and highlights weaknesses in security policies or work habits that should be corrected to prevent future break-ins. Forensics is commonly assigned a top priority by the insurance provider and is often required by government and industry regulations. Because forensics can be time-consuming, it is essential that other key recovery processes like business continuity are pursued concurrently. Progent maintains a large team of information technology and security experts with the knowledge and experience needed to carry out the work of containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics investigation is complex and calls for close interaction with the groups focused on file recovery and, if needed, settlement discussions with the ransomware hacker. Ransomware forensics can involve the review of logs, the registry, Group Policy Objects (GPO), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for changes.
Services involved with forensics analysis include:
- Disconnect all potentially impacted devices from the network, but avoid shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and configuring 2FA to protect backups.
- Capture forensically sound digital images of all suspect devices so the file restoration group can proceed
- Preserve firewall, virtual private network, and other key logs as quickly as feasible
- Establish the variety of ransomware involved in the assault
- Survey each machine and storage device on the system including cloud storage for signs of encryption
- Catalog all encrypted devices
- Determine the kind of ransomware involved in the attack
- Study logs and user sessions to determine the time frame of the attack and to identify any potential lateral movement from the originally infected machine
- Identify the security gaps exploited to perpetrate the ransomware assault
- Search for the creation of executables associated with the original encrypted files or system breach
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs from messages and check whether they are malicious
- Provide detailed attack reporting to satisfy your insurance and compliance requirements
- List recommended improvements to shore up cybersecurity gaps and improve workflows that lower the exposure to a future ransomware exploit
Progent's Qualifications
Progent has provided online and on-premises IT services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in foundation technologies including Cisco infrastructure, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications including CISM, CISSP, and CRISC. (Refer to Progent's certifications). Progent also has guidance in financial and Enterprise Resource Planning software. This scope of skills allows Progent to identify and consolidate the undamaged parts of your network after a ransomware intrusion and rebuild them rapidly into a viable system. Progent has worked with top cyber insurance providers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Reading
To learn more about how Progent can assist your Reading organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.