Progent's Ransomware Forensics and Reporting in Waltham
Progent's ransomware forensics consultants can save the system state after a ransomware assault and perform a detailed forensics analysis without interfering with the processes related to business resumption and data restoration. Your Waltham business can utilize Progent's post-attack ransomware forensics report to counter subsequent ransomware attacks, assist in the cleanup of encrypted data, and meet insurance carrier and regulatory mandates.
Ransomware forensics investigation is aimed at determining and documenting the ransomware attack's progress across the targeted network from start to finish. This history of how a ransomware assault progressed within the network helps you to assess the damage and highlights shortcomings in rules or work habits that should be rectified to avoid later breaches. Forensics is usually given a top priority by the insurance provider and is typically mandated by state and industry regulations. Because forensics can be time consuming, it is critical that other key activities like operational resumption are pursued concurrently. Progent maintains a large roster of information technology and data security experts with the knowledge and experience required to carry out the work of containment, operational continuity, and data restoration without interfering with forensics.
Ransomware forensics is complex and requires close interaction with the teams responsible for data cleanup and, if necessary, payment talks with the ransomware threat actor. Forensics typically requires the review of all logs, registry, Group Policy Object (GPO), AD, DNS, routers, firewalls, schedulers, and basic Windows systems to check for anomalies.
Services associated with forensics analysis include:
- Isolate all possibly impacted devices from the network, but avoid shutting them down. This can require closing all RDP ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and setting up 2FA to secure your backups.
- Capture forensically complete duplicates of all suspect devices so the data restoration group can proceed
- Preserve firewall, VPN, and additional key logs as soon as possible
- Identify the version of ransomware used in the attack
- Inspect every machine and data store on the network as well as cloud storage for indications of encryption
- Inventory all encrypted devices
- Establish the type of ransomware used in the assault
- Review logs and sessions in order to determine the time frame of the attack and to identify any potential lateral movement from the originally compromised system
- Identify the attack vectors exploited to perpetrate the ransomware attack
- Look for new executables surrounding the original encrypted files or network compromise
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from email messages and determine whether they are malicious
- Produce comprehensive attack documentation to meet your insurance carrier's requirements and compliance regulations
- Suggest recommended improvements to close security vulnerabilities and enforce workflows that lower the risk of a future ransomware exploit
Progent has delivered remote and onsite network services across the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SBEs includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISM, CISSP, and CRISC. Progent also offers top-tier support in financial and ERP application software. This broad array of skills allows Progent to identify and consolidate the surviving parts of your IT environment following a ransomware attack and rebuild them rapidly into a viable system. Progent has worked with leading insurance carriers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Waltham
To find out more about how Progent can assist your Waltham business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.