Progent's Ransomware Forensics and Reporting in Waltham
Progent's ransomware forensics consultants can capture the system state after a ransomware assault and perform a comprehensive forensics analysis without impeding activity required for operational continuity and data restoration. Your Waltham business can utilize Progent's post-attack ransomware forensics report to block subsequent ransomware attacks, assist in the cleanup of lost data, and meet insurance carrier and regulatory requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware attack's storyline across the network from start to finish. This audit trail of how a ransomware attack travelled through the network helps you assess the impact and uncovers gaps in security policies or work habits that should be rectified to prevent later breaches. Forensic analysis is typically assigned a high priority by the cyber insurance carrier and is often required by state and industry regulations. Since forensics can be time consuming, it is critical that other key activities such as operational continuity are pursued in parallel. Progent maintains a large roster of information technology and cybersecurity experts with the knowledge and experience needed to perform activities for containment, business resumption, and data recovery without interfering with forensics.
Ransomware forensics investigation is arduous and calls for close cooperation with the groups assigned to data restoration and, if necessary, settlement discussions with the ransomware Threat Actor (TA). Forensics can involve the review of all logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to detect changes.
Services involved with forensics analysis include:
- Disconnect all possibly suspect devices from the system without shutting them down. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to guard backups.
- Create forensically complete images of all exposed devices so the data recovery team can proceed
- Preserve firewall, virtual private network, and other key logs as soon as possible
- Identify the version of ransomware used in the assault
- Survey each machine and storage device on the network as well as cloud storage for indications of compromise
- Catalog all encrypted devices
- Determine the type of ransomware used in the attack
- Review log activity and sessions in order to determine the time frame of the ransomware attack and to spot any possible lateral movement from the first infected system
- Understand the attack vectors exploited to perpetrate the ransomware assault
- Search for the creation of executables associated with the first encrypted files or system compromise
- Parse Outlook web archives
- Examine attachments
- Extract any URLs embedded in email messages and determine whether they are malicious
- Produce detailed attack reporting to meet your insurance carrier and compliance requirements
- List recommendations to shore up cybersecurity gaps and enforce processes that reduce the risk of a future ransomware exploit
Progent's Background
Progent has delivered online and onsite IT services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have earned high-level certifications in foundation technologies including Cisco infrastructure, VMware, and major Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers top-tier support in financial management and Enterprise Resource Planning applications. This broad array of expertise allows Progent to salvage and integrate the surviving pieces of your information system after a ransomware assault and rebuild them quickly into a viable system. Progent has worked with top insurance providers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Services in Waltham
To find out more about ways Progent can assist your Waltham business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.