Progent's Ransomware Forensics Analysis and Reporting in Reading
Progent's ransomware forensics experts can save the evidence of a ransomware assault and carry out a detailed forensics analysis without disrupting the processes required for operational resumption and data restoration. Your Reading organization can use Progent's post-attack ransomware forensics documentation to combat subsequent ransomware assaults, validate the cleanup of encrypted data, and meet insurance carrier and regulatory mandates.
Ransomware forensics investigation involves determining and describing the ransomware attack's storyline across the network from beginning to end. This history of the way a ransomware attack progressed through the network helps you assess the damage and brings to light gaps in rules or processes that should be rectified to prevent later breaches. Forensics is typically assigned a top priority by the insurance provider and is often mandated by state and industry regulations. Because forensic analysis can be time consuming, it is vital that other important activities such as operational resumption are pursued in parallel. Progent has an extensive roster of IT and cybersecurity professionals with the knowledge and experience needed to perform activities for containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics analysis is complicated and calls for close interaction with the groups responsible for data cleanup and, if needed, settlement talks with the ransomware threat actor. Ransomware forensics can involve the review of all logs, registry, Group Policy Object, Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to check for anomalies.
Activities involved with forensics investigation include:
- Detach all possibly affected devices from the system without shutting them down. This can involve closing all RDP ports and Internet-connected NAS storage, modifying admin credentials and user passwords, and configuring two-factor authentication to protect your backups.
- Capture forensically sound digital images of all exposed devices so your data recovery team can proceed
- Save firewall, VPN, and other key logs as soon as possible
- Establish the variety of ransomware used in the assault
- Examine each machine and storage device on the network including cloud storage for signs of encryption
- Inventory all encrypted devices
- Determine the type of ransomware used in the assault
- Review log activity and sessions to determine the time frame of the ransomware attack and to identify any potential lateral movement from the first compromised system
- Identify the security gaps used to perpetrate the ransomware assault
- Look for the creation of executables surrounding the original encrypted files or system compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in email messages and determine if they are malicious
- Produce extensive attack documentation to satisfy your insurance and compliance requirements
- Provide recommendations to shore up security vulnerabilities and improve workflows that lower the exposure to a future ransomware exploit
Progent has provided remote and onsite IT services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technology platforms including Cisco networking, VMware, and major distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISA, CISSP, and CRISC. Progent also offers guidance in financial management and ERP software. This breadth of skills gives Progent the ability to salvage and integrate the undamaged pieces of your network after a ransomware attack and rebuild them rapidly into a functioning network. Progent has collaborated with top insurance carriers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Reading
To learn more about how Progent can help your Reading organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.