Overview of Progent's Ransomware Forensics and Reporting Services in Reading
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and carry out a detailed forensics analysis without impeding activity related to operational resumption and data recovery. Your Reading organization can use Progent's forensics documentation to counter subsequent ransomware attacks, assist in the restoration of encrypted data, and meet insurance and governmental requirements.
Ransomware forensics analysis involves determining and describing the ransomware attack's progress throughout the targeted network from beginning to end. This audit trail of how a ransomware assault progressed through the network helps your IT staff evaluate the damage and highlights gaps in security policies or work habits that should be rectified to avoid later break-ins. Forensics is typically assigned a top priority by the insurance provider and is typically mandated by state and industry regulations. Because forensics can take time, it is essential that other important recovery processes such as business resumption are pursued in parallel. Progent has a large team of information technology and security experts with the knowledge and experience required to carry out activities for containment, business continuity, and data recovery without disrupting forensics.
Ransomware forensics analysis is arduous and requires close interaction with the teams focused on file cleanup and, if needed, payment discussions with the attacker. Ransomware forensics can require reviewing all logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Activities involved with forensics investigation include:
- Disconnect all possibly impacted devices from the network without shutting them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring two-factor authentication to protect your backups.
- Create forensically valid duplicates of all exposed devices so the file restoration team can proceed
- Save firewall, virtual private network, and other critical logs as quickly as feasible
- Establish the version of ransomware used in the attack
- Examine every machine and storage device on the network as well as cloud-hosted storage for signs of compromise
- Inventory all compromised devices
- Establish the kind of ransomware involved in the assault
- Review log activity and user sessions to establish the time frame of the ransomware attack and to identify any potential lateral movement from the first infected machine
- Understand the attack vectors used to perpetrate the ransomware assault
- Look for the creation of executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Analyze attachments
- Separate any URLs from email messages and determine if they are malicious
- Provide extensive incident reporting to satisfy your insurance carrier and compliance mandates
- Document recommendations to close security gaps and enforce processes that lower the risk of a future ransomware exploit
Progent has delivered remote and onsite IT services across the U.S. for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have earned advanced certifications in core technology platforms including Cisco networking, VMware, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and CRISC (refer to Progent's certifications). Progent also offers guidance on financial and Enterprise Resource Planning applications. This breadth of skills allows Progent to salvage and integrate the surviving parts of your network after a ransomware assault and reconstruct them rapidly into a functioning system. Progent has worked with top cyber insurance carriers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Reading
To learn more about how Progent can assist your Reading organization with ransomware forensics investigation, call 1-800-993-9400 or visit Contact Progent.