Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Rockville
Progent's ransomware forensics consultants can save the evidence of a ransomware attack and perform a comprehensive forensics analysis without slowing down activity required for business continuity and data restoration. Your Rockville business can utilize Progent's post-attack ransomware forensics documentation to block future ransomware assaults, assist in the restoration of encrypted data, and meet insurance carrier and governmental requirements.
Ransomware forensics involves determining and documenting the ransomware assault's progress throughout the targeted network from start to finish. This history of the way a ransomware attack travelled within the network helps your IT staff to evaluate the impact and highlights weaknesses in rules or work habits that should be rectified to prevent later breaches. Forensic analysis is typically assigned a high priority by the cyber insurance provider and is typically mandated by state and industry regulations. Because forensics can take time, it is critical that other important recovery processes like business continuity are executed in parallel. Progent maintains a large roster of information technology and cybersecurity professionals with the knowledge and experience required to perform activities for containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics is time consuming and requires close cooperation with the groups responsible for file recovery and, if needed, settlement discussions with the ransomware hacker. Ransomware forensics can require the examination of all logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to detect anomalies.
Services associated with forensics include:
- Disconnect all potentially affected devices from the network, but avoid shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, modifying admin credentials and user passwords, and configuring two-factor authentication to secure backups.
- Create forensically valid digital images of all exposed devices so your data recovery team can proceed
- Preserve firewall, VPN, and other critical logs as quickly as possible
- Establish the type of ransomware involved in the attack
- Examine each machine and data store on the system including cloud storage for signs of compromise
- Inventory all encrypted devices
- Determine the kind of ransomware used in the assault
- Study logs and sessions to establish the time frame of the attack and to identify any potential lateral movement from the originally compromised machine
- Understand the security gaps used to perpetrate the ransomware assault
- Search for the creation of executables surrounding the first encrypted files or system compromise
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs embedded in messages and check to see if they are malicious
- Provide detailed incident reporting to satisfy your insurance carrier and compliance mandates
- Document recommended improvements to close security gaps and improve processes that reduce the exposure to a future ransomware breach
Progent has provided remote and onsite network services throughout the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have earned advanced certifications in foundation technology platforms including Cisco infrastructure, VMware, and major Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, and CRISC. Progent also offers guidance in financial and Enterprise Resource Planning software. This breadth of skills allows Progent to salvage and consolidate the surviving pieces of your network following a ransomware intrusion and rebuild them quickly into a viable network. Progent has worked with leading cyber insurance providers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Rockville
To learn more about how Progent can assist your Rockville business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.