Progent's Ransomware Forensics Investigation and Reporting in Augusta-Richmond County
Progent's ransomware forensics consultants can save the system state after a ransomware assault and carry out a detailed forensics investigation without interfering with activity required for business continuity and data restoration. Your Augusta-Richmond County organization can utilize Progent's post-attack forensics report to counter future ransomware assaults, assist in the recovery of encrypted data, and comply with insurance carrier and regulatory mandates.
Ransomware forensics analysis involves discovering and describing the ransomware assault's storyline across the network from beginning to end. This audit trail of the way a ransomware assault progressed within the network helps your IT staff to assess the impact and uncovers shortcomings in security policies or work habits that need to be rectified to prevent later breaches. Forensic analysis is typically given a high priority by the cyber insurance provider and is typically required by government and industry regulations. Since forensic analysis can take time, it is vital that other key activities such as business resumption are executed in parallel. Progent maintains a large team of information technology and data security experts with the skills required to perform activities for containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics is complicated and calls for close cooperation with the groups assigned to data restoration and, if necessary, payment negotiation with the ransomware attacker. Ransomware forensics can involve the examination of logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Services associated with forensics analysis include:
- Isolate all possibly suspect devices from the system, but avoid shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Capture forensically complete images of all exposed devices so the data recovery team can get started
- Preserve firewall, virtual private network, and other key logs as quickly as possible
- Establish the strain of ransomware involved in the attack
- Survey each machine and data store on the network including cloud storage for signs of compromise
- Inventory all compromised devices
- Determine the type of ransomware used in the attack
- Review logs and sessions to establish the time frame of the assault and to identify any possible lateral movement from the originally infected machine
- Identify the security gaps exploited to carry out the ransomware attack
- Search for the creation of executables associated with the original encrypted files or network compromise
- Parse Outlook web archives
- Examine attachments
- Extract URLs embedded in email messages and determine whether they are malicious
- Provide detailed attack documentation to satisfy your insurance carrier and compliance regulations
- Document recommendations to close security gaps and enforce workflows that lower the exposure to a future ransomware exploit
Progent has delivered online and onsite network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in foundation technology platforms including Cisco networking, VMware, and major Linux distros. Progent's data security experts have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. Progent also has top-tier support in financial management and ERP applications. This scope of expertise gives Progent the ability to salvage and consolidate the undamaged pieces of your IT environment after a ransomware intrusion and rebuild them rapidly into an operational network. Progent has collaborated with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Augusta-Richmond County
To learn more about ways Progent can assist your Augusta-Richmond County organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.