Progent's Ransomware Forensics and Reporting in Winston-Salem
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and perform a comprehensive forensics investigation without disrupting the processes related to operational resumption and data recovery. Your Winston-Salem organization can use Progent's post-attack ransomware forensics report to combat future ransomware attacks, validate the recovery of encrypted data, and meet insurance and regulatory reporting requirements.
Ransomware forensics analysis involves determining and documenting the ransomware attack's storyline throughout the targeted network from beginning to end. This history of how a ransomware assault travelled through the network helps your IT staff to evaluate the impact and uncovers gaps in rules or processes that need to be corrected to avoid later break-ins. Forensic analysis is usually given a high priority by the insurance provider and is often required by government and industry regulations. Because forensics can take time, it is essential that other important activities such as business resumption are performed in parallel. Progent has an extensive roster of IT and data security professionals with the skills needed to perform the work of containment, operational continuity, and data restoration without interfering with forensics.
Ransomware forensics investigation is time-consuming and calls for close interaction with the groups assigned to file recovery and, if necessary, settlement discussions with the ransomware threat actor. Ransomware forensics can require the review of logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to detect anomalies.
Services involved with forensics include:
- Detach all potentially affected devices from the network without shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring 2FA to secure backups.
- Capture forensically valid images of all exposed devices so the file recovery group can get started
- Preserve firewall, virtual private network, and other key logs as quickly as possible
- Establish the variety of ransomware used in the attack
- Examine each computer and data store on the network including cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Establish the type of ransomware involved in the attack
- Study logs and user sessions to establish the time frame of the assault and to identify any potential lateral movement from the originally infected system
- Identify the security gaps exploited to perpetrate the ransomware assault
- Look for new executables associated with the first encrypted files or network compromise
- Parse Outlook web archives
- Examine attachments
- Extract URLs from email messages and check whether they are malicious
- Produce extensive incident documentation to meet your insurance carrier and compliance mandates
- Suggest recommendations to close cybersecurity gaps and enforce processes that lower the risk of a future ransomware breach
Progent has provided online and on-premises network services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in core technologies such as Cisco networking, VMware, and popular distributions of Linux. Progent's data security experts have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial management and ERP application software. This scope of skills allows Progent to identify and consolidate the surviving parts of your network following a ransomware attack and rebuild them quickly into a functioning network. Progent has collaborated with leading cyber insurance carriers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in Winston-Salem
To learn more about ways Progent can assist your Winston-Salem business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.