Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Augusta-Richmond County
Progent's ransomware forensics experts can save the system state after a ransomware assault and perform a detailed forensics investigation without interfering with the processes related to operational continuity and data restoration. Your Augusta-Richmond County business can use Progent's post-attack forensics report to combat subsequent ransomware assaults, assist in the recovery of lost data, and meet insurance and governmental reporting requirements.
Ransomware forensics investigation involves tracking and describing the ransomware attack's progress across the network from beginning to end. This history of the way a ransomware assault progressed through the network helps your IT staff to evaluate the impact and brings to light gaps in rules or processes that should be corrected to prevent future breaches. Forensics is usually given a top priority by the cyber insurance provider and is typically mandated by state and industry regulations. Because forensics can be time consuming, it is essential that other important recovery processes like operational resumption are performed in parallel. Progent has a large team of information technology and security experts with the skills needed to perform the work of containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics investigation is time consuming and calls for close cooperation with the teams assigned to data cleanup and, if necessary, payment discussions with the ransomware attacker. Ransomware forensics can require the review of all logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes.
Services associated with forensics include:
- Disconnect all possibly impacted devices from the network, but avoid shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing 2FA to secure backups.
- Capture forensically sound digital images of all exposed devices so the file recovery team can proceed
- Preserve firewall, VPN, and other key logs as soon as feasible
- Identify the version of ransomware involved in the assault
- Inspect every computer and data store on the system including cloud storage for signs of compromise
- Catalog all compromised devices
- Establish the kind of ransomware used in the assault
- Study logs and sessions in order to determine the timeline of the ransomware attack and to identify any potential lateral movement from the originally compromised system
- Understand the attack vectors used to perpetrate the ransomware attack
- Search for new executables associated with the first encrypted files or system compromise
- Parse Outlook web archives
- Examine attachments
- Extract any URLs from email messages and determine whether they are malicious
- Provide extensive incident documentation to satisfy your insurance carrier and compliance requirements
- Suggest recommended improvements to close cybersecurity gaps and improve processes that lower the risk of a future ransomware breach
Progent has delivered online and onsite IT services throughout the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes consultants who have been awarded advanced certifications in core technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP, and GIAC. Progent also has expertise in financial management and ERP application software. This broad array of expertise gives Progent the ability to identify and consolidate the surviving parts of your IT environment after a ransomware assault and reconstruct them quickly into an operational network. Progent has collaborated with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Augusta-Richmond County
To learn more about ways Progent can assist your Augusta-Richmond County organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.