Progent's Ransomware Forensics Analysis and Reporting in Waltham
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and perform a detailed forensics analysis without interfering with the processes related to business continuity and data restoration. Your Waltham organization can utilize Progent's ransomware forensics documentation to combat future ransomware attacks, validate the recovery of lost data, and meet insurance carrier and regulatory requirements.
Ransomware forensics investigation is aimed at determining and documenting the ransomware assault's progress across the network from start to finish. This audit trail of how a ransomware assault progressed through the network helps your IT staff assess the damage and highlights shortcomings in security policies or work habits that need to be rectified to prevent later breaches. Forensic analysis is commonly given a high priority by the cyber insurance carrier and is often required by state and industry regulations. Since forensics can be time-consuming, it is critical that other important recovery processes such as operational resumption are performed in parallel. Progent maintains an extensive team of information technology and security experts with the knowledge and experience required to carry out the work of containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics analysis is complicated and calls for close interaction with the teams responsible for data restoration and, if needed, payment talks with the ransomware Threat Actor (TA). Ransomware forensics typically involves the review of all logs, the registry, Group Policy Objects, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to check for changes.
Services associated with forensics investigation include:
- Detach all potentially impacted devices from the system, but avoid shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring 2FA to secure backups.
- Preserve forensically valid digital images of all exposed devices so the file restoration team can get started
- Preserve firewall, VPN, and additional critical logs as soon as possible
- Determine the type of ransomware involved in the assault
- Survey each machine and data store on the network as well as cloud storage for indications of compromise
- Inventory all compromised devices
- Establish the kind of ransomware used in the assault
- Review log activity and user sessions in order to establish the timeline of the ransomware assault and to spot any possible lateral movement from the originally infected system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Search for new executables surrounding the first encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Extract URLs embedded in email messages and check whether they are malicious
- Produce comprehensive attack reporting to satisfy your insurance carrier and compliance mandates
- Suggest recommendations to close security gaps and enforce workflows that lower the risk of a future ransomware exploit
Progent has provided online and on-premises network services across the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have earned high-level certifications in core technologies such as Cisco networking, VMware, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP-ISSAP, and GIAC. Progent also has top-tier support in financial management and Enterprise Resource Planning applications. This breadth of skills gives Progent the ability to salvage and integrate the undamaged parts of your network after a ransomware intrusion and reconstruct them quickly into a functioning network. Progent has worked with leading insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Waltham
To find out more about how Progent can help your Waltham organization with ransomware forensics, call 1-800-462-8800.