Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Waltham
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and perform a comprehensive forensics investigation without interfering with the processes related to operational continuity and data recovery. Your Waltham business can use Progent's ransomware forensics documentation to counter subsequent ransomware attacks, assist in the recovery of lost data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics is aimed at determining and describing the ransomware assault's progress across the targeted network from beginning to end. This audit trail of how a ransomware attack progressed through the network helps your IT staff assess the impact and uncovers vulnerabilities in security policies or work habits that need to be rectified to avoid future break-ins. Forensic analysis is typically given a high priority by the insurance provider and is typically required by government and industry regulations. Since forensics can take time, it is critical that other important recovery processes such as business resumption are executed concurrently. Progent has an extensive roster of information technology and security professionals with the skills required to carry out activities for containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics is complex and requires close coordination with the groups focused on data recovery and, if needed, settlement discussions with the ransomware Threat Actor (TA). Ransomware forensics can require the examination of logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Services involved with forensics include:
- Disconnect all potentially impacted devices from the network without shutting them down. This can involve closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring 2FA to secure backups.
- Create forensically complete images of all suspect devices so the file restoration team can get started
- Preserve firewall, VPN, and additional critical logs as soon as possible
- Determine the kind of ransomware involved in the assault
- Survey every computer and data store on the network including cloud-hosted storage for indications of compromise
- Catalog all compromised devices
- Study log activity and user sessions in order to establish the time frame of the ransomware assault and to spot any possible lateral movement from the originally compromised system
- Understand the attack vectors exploited to carry out the ransomware assault
- Look for the creation of executables surrounding the first encrypted files or network compromise
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs from email messages and determine if they are malicious
- Produce detailed incident documentation to meet your insurance and regulatory compliance requirements
- Document recommended improvements to shore up cybersecurity vulnerabilities and enforce processes that lower the exposure to a future ransomware exploit
Progent has provided online and onsite IT services across the United States for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications such as CISA, CISSP, and CRISC. (See Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning applications. This scope of expertise allows Progent to identify and consolidate the surviving pieces of your IT environment following a ransomware assault and reconstruct them quickly into a viable network. Progent has worked with leading insurance providers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Waltham
To learn more about how Progent can help your Waltham business with ransomware forensics analysis, call 1-800-993-9400 or see Contact Progent.