Progent's Ransomware Forensics Investigation and Reporting Services in Winston-Salem
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and perform a detailed forensics investigation without interfering with activity required for operational resumption and data recovery. Your Winston-Salem organization can use Progent's post-attack ransomware forensics report to combat subsequent ransomware assaults, validate the cleanup of lost data, and comply with insurance carrier and governmental mandates.
Ransomware forensics analysis involves tracking and describing the ransomware assault's progress across the targeted network from start to finish. This history of how the assault progressed within the network helps you assess the damage and brings to light vulnerabilities in security policies or processes that should be rectified to prevent future break-ins. Forensic analysis is commonly given top priority by the cyber insurance provider and is often mandated by government and industry regulations. Since forensic analysis can be time-consuming, it is essential that other important activities like business continuity are performed concurrently. Progent maintains a large team of information technology and security professionals with the knowledge and experience required to perform the work of containment, operational continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics investigation is time-consuming and calls for close cooperation with the teams focused on data cleanup and, if needed, settlement discussions with the ransomware threat actor. It can involve examining all logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to look for unexpected changes.
Services involved with forensics include:
- Disconnect all potentially suspect devices from the system without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and configuring 2FA to protect backups.
- Create forensically complete images of all exposed devices so the data restoration team can proceed
- Save firewall, virtual private network, and additional key logs as soon as possible
- Establish the strain of ransomware involved in the attack
- Examine every machine and data store on the network as well as cloud storage for signs of encryption
- Catalog all compromised devices
- Determine the type of ransomware involved in the assault
- Study logs and sessions to establish the timeline of the attack and to identify any possible lateral migration from the originally compromised machine
- Understand the security gaps exploited to carry out the ransomware attack
- Look for the creation of executables surrounding the first encrypted files or network compromise
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs from messages and check whether they are malicious
- Provide comprehensive attack documentation to meet your insurance carrier and compliance requirements
- List recommendations to close security vulnerabilities and enforce workflows that reduce the exposure to a future ransomware breach
Progent's Qualifications
Progent has delivered remote and on-premises network services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and GIAC. Progent also has top-tier support in financial and Enterprise Resource Planning software. This breadth of skills allows Progent to identify and integrate the undamaged pieces of your IT environment following a ransomware attack and rebuild them quickly into a viable system. Progent has collaborated with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Winston-Salem
To learn more about ways Progent can help your Winston-Salem organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.