Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Winston-Salem
Progent's ransomware forensics consultants can capture the system state after a ransomware assault and perform a comprehensive forensics investigation without impeding activity required for business resumption and data restoration. Your Winston-Salem organization can utilize Progent's post-attack ransomware forensics documentation to combat future ransomware assaults, assist in the recovery of lost data, and comply with insurance and governmental reporting requirements.
Ransomware forensics investigation involves determining and documenting the ransomware attack's storyline across the targeted network from start to finish. This history of how a ransomware assault travelled through the network helps your IT staff to assess the damage and uncovers vulnerabilities in security policies or work habits that need to be corrected to avoid future break-ins. Forensic analysis is usually given a high priority by the cyber insurance provider and is typically mandated by state and industry regulations. Because forensics can take time, it is vital that other key recovery processes like operational continuity are performed concurrently. Progent maintains an extensive roster of IT and cybersecurity experts with the skills required to perform the work of containment, operational resumption, and data restoration without disrupting forensics.
Ransomware forensics investigation is arduous and requires close cooperation with the teams responsible for file cleanup and, if needed, settlement talks with the ransomware Threat Actor. Forensics typically involves the review of all logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to check for variations.
Services associated with forensics include:
- Isolate all potentially impacted devices from the system without shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to guard backups.
- Capture forensically complete digital images of all suspect devices so your file recovery group can proceed
- Save firewall, virtual private network, and additional critical logs as quickly as possible
- Establish the type of ransomware involved in the attack
- Examine every machine and data store on the network including cloud storage for signs of encryption
- Catalog all encrypted devices
- Determine the type of ransomware used in the attack
- Review log activity and sessions to determine the time frame of the assault and to spot any possible lateral movement from the first compromised machine
- Understand the security gaps used to perpetrate the ransomware assault
- Look for the creation of executables surrounding the original encrypted files or network compromise
- Parse Outlook PST files
- Examine email attachments
- Separate URLs from email messages and determine whether they are malicious
- Provide extensive incident documentation to satisfy your insurance carrier and compliance mandates
- Document recommendations to close cybersecurity gaps and improve workflows that reduce the exposure to a future ransomware exploit
Progent's Qualifications
Progent has delivered remote and on-premises IT services throughout the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. Progent also offers guidance in financial and Enterprise Resource Planning software. This broad array of skills gives Progent the ability to identify and integrate the undamaged parts of your network following a ransomware assault and rebuild them quickly into an operational system. Progent has collaborated with top insurance providers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Winston-Salem
To find out more information about how Progent can assist your Winston-Salem organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.