Progent's Ransomware Forensics and Reporting in Augusta-Richmond County
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and carry out a detailed forensics analysis without interfering with the processes related to operational resumption and data recovery. Your Augusta-Richmond County organization can use Progent's post-attack ransomware forensics documentation to combat future ransomware attacks, assist in the restoration of encrypted data, and meet insurance and regulatory reporting requirements.
Ransomware forensics investigation is aimed at tracking and describing the ransomware assault's progress across the network from beginning to end. This audit trail of the way a ransomware attack travelled within the network helps you to assess the impact and highlights weaknesses in security policies or work habits that need to be corrected to prevent future breaches. Forensic analysis is commonly given a top priority by the cyber insurance provider and is often required by government and industry regulations. Because forensic analysis can be time-consuming, it is vital that other important activities like business continuity are executed concurrently. Progent maintains a large roster of information technology and cybersecurity experts with the skills required to perform activities for containment, operational resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics is arduous and requires close cooperation with the teams responsible for file recovery and, if necessary, payment discussions with the ransomware hacker. Ransomware forensics typically requires the examination of logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to detect anomalies.
Services involved with forensics include:
- Disconnect all possibly suspect devices from the network, but avoid shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, modifying admin credentials and user passwords, and implementing 2FA to guard your backups.
- Capture forensically complete duplicates of all suspect devices so the file restoration team can proceed
- Preserve firewall, VPN, and additional key logs as soon as feasible
- Identify the kind of ransomware used in the assault
- Examine every machine and data store on the network as well as cloud-hosted storage for signs of encryption
- Inventory all encrypted devices
- Determine the type of ransomware involved in the assault
- Review log activity and sessions to establish the timeline of the assault and to spot any potential lateral migration from the originally compromised machine
- Understand the security gaps exploited to carry out the ransomware assault
- Search for new executables associated with the original encrypted files or system breach
- Parse Outlook PST files
- Analyze attachments
- Extract URLs from messages and check whether they are malicious
- Produce detailed attack documentation to meet your insurance carrier and compliance requirements
- List recommended improvements to shore up cybersecurity gaps and improve workflows that lower the exposure to a future ransomware exploit
Progent has provided remote and on-premises IT services across the United States for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have earned advanced certifications in foundation technologies including Cisco networking, VMware, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISM, CISSP, and GIAC. Progent also has top-tier support in financial and ERP application software. This breadth of expertise allows Progent to salvage and consolidate the undamaged pieces of your IT environment following a ransomware assault and rebuild them rapidly into a functioning system. Progent has worked with leading insurance providers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Services in Augusta-Richmond County
To learn more about ways Progent can assist your Augusta-Richmond County organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.