Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Rockville
Progent's ransomware forensics experts can capture the system state after a ransomware assault and carry out a comprehensive forensics analysis without impeding activity related to business resumption and data restoration. Your Rockville business can use Progent's post-attack forensics documentation to combat subsequent ransomware assaults, assist in the recovery of lost data, and comply with insurance carrier and governmental reporting requirements.
Ransomware forensics analysis is aimed at determining and describing the ransomware assault's progress throughout the network from start to finish. This history of how a ransomware attack progressed through the network helps you to assess the damage and uncovers gaps in security policies or processes that should be rectified to prevent later break-ins. Forensics is usually given a high priority by the insurance carrier and is typically required by state and industry regulations. Since forensic analysis can be time consuming, it is essential that other important activities such as operational resumption are executed in parallel. Progent maintains a large roster of IT and data security professionals with the skills required to perform activities for containment, business resumption, and data restoration without disrupting forensics.
Ransomware forensics analysis is complicated and requires close cooperation with the teams responsible for data recovery and, if needed, payment negotiation with the ransomware Threat Actor (TA). Forensics can involve the review of all logs, registry, GPO, AD, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to look for unexpected changes.
Services associated with forensics investigation include:
- Isolate all potentially affected devices from the network, but avoid shutting them off. This can require closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring 2FA to secure backups.
- Preserve forensically sound images of all suspect devices so your data restoration group can proceed
- Save firewall, VPN, and other key logs as quickly as possible
- Determine the variety of ransomware involved in the attack
- Survey every computer and data store on the system including cloud-hosted storage for indications of compromise
- Catalog all compromised devices
- Study logs and sessions in order to establish the time frame of the assault and to spot any potential lateral movement from the originally infected machine
- Identify the attack vectors used to carry out the ransomware assault
- Search for the creation of executables surrounding the original encrypted files or network breach
- Parse Outlook PST files
- Analyze attachments
- Separate any URLs from messages and check to see if they are malicious
- Produce comprehensive attack reporting to meet your insurance carrier and compliance requirements
- Recommend ways to close security vulnerabilities and improve processes in order to lower the exposure to a future ransomware exploit
Progent's Background
Progent has provided remote and onsite network services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technology platforms such as Cisco networking, VMware, and popular Linux distros. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. Progent also offers top-tier support in financial management and Enterprise Resource Planning application software. This breadth of skills gives Progent the ability to salvage and consolidate the surviving parts of your information system after a ransomware intrusion and reconstruct them quickly into a viable network. Progent has collaborated with top cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Rockville
To learn more about how Progent can assist your Rockville organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.