Progent's Ransomware Forensics Investigation and Reporting in Waltham
Progent's ransomware forensics experts can save the system state after a ransomware assault and carry out a detailed forensics investigation without impeding activity related to business resumption and data restoration. Your Waltham business can use Progent's ransomware forensics documentation to block future ransomware attacks, validate the recovery of encrypted data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics investigation involves tracking and documenting the ransomware assault's progress across the network from beginning to end. This audit trail of how the assault progressed within the network helps your IT staff evaluate the impact and uncovers shortcomings in rules or processes that need to be corrected to prevent later breaches. Forensics is usually given a high priority by the insurance provider and is typically mandated by government and industry regulations. Because forensics can take time, it is vital that other key activities like operational continuity are performed concurrently. Progent has a large roster of information technology and data security professionals with the skills needed to carry out the work of containment, business resumption, and data recovery without interfering with forensics.
Ransomware forensics analysis is complex and requires close interaction with the groups responsible for data recovery and, if necessary, payment talks with the ransomware threat actor. Forensics typically requires the examination of logs, registry, GPO, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to detect anomalies.
Services associated with forensics investigation include:
- Disconnect all possibly suspect devices from the system, but avoid shutting them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to secure your backups.
- Capture forensically complete images of all suspect devices so your data restoration group can get started
- Save firewall, VPN, and other key logs as soon as feasible
- Identify the kind of ransomware used in the assault
- Survey every machine and data store on the system as well as cloud-hosted storage for signs of compromise
- Inventory all compromised devices
- Review log activity and user sessions in order to determine the time frame of the attack and to identify any possible lateral movement from the originally infected system
- Identify the security gaps exploited to perpetrate the ransomware assault
- Look for executables created around the time of the first encrypted files or network compromise
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs from email messages and check to see if they are malicious
- Provide comprehensive attack documentation to meet your insurance and compliance mandates
- List recommended improvements to close security gaps and improve processes that lower the risk of a future ransomware exploit
Progent's Qualifications
Progent has provided remote and onsite network services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes consultants who have been awarded advanced certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, and GIAC. Progent also offers top-tier support in financial management and ERP application software. This breadth of expertise gives Progent the ability to salvage and consolidate the undamaged parts of your network following a ransomware intrusion and reconstruct them quickly into a viable system. Progent has worked with top insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Waltham
To find out more about how Progent can assist your Waltham organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.