Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Augusta-Richmond County
Progent's ransomware forensics experts can save the system state after a ransomware assault and perform a comprehensive forensics analysis without interfering with activity required for business continuity and data restoration. Your Augusta-Richmond County organization can use Progent's ransomware forensics documentation to block subsequent ransomware assaults, assist in the restoration of lost data, and comply with insurance and regulatory mandates.
Ransomware forensics is aimed at discovering and describing the ransomware assault's storyline across the network from beginning to end. This history of how a ransomware attack progressed through the network helps you to evaluate the damage and uncovers vulnerabilities in rules or work habits that need to be rectified to prevent later break-ins. Forensics is usually given a high priority by the insurance provider and is typically mandated by state and industry regulations. Since forensics can take time, it is critical that other important activities such as business continuity are executed concurrently. Progent maintains an extensive roster of IT and cybersecurity experts with the knowledge and experience needed to carry out activities for containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics is arduous and requires close cooperation with the teams focused on data restoration and, if necessary, payment discussions with the ransomware Threat Actor (TA). Ransomware forensics typically involves reviewing logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for changes.
Activities associated with forensics analysis include:
- Disconnect all possibly impacted devices from the system without shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and setting up two-factor authentication to secure your backups.
- Preserve forensically valid duplicates of all suspect devices so the data restoration team can get started
- Save firewall, VPN, and other critical logs as quickly as feasible
- Identify the type of ransomware used in the attack
- Examine every machine and storage device on the system including cloud-hosted storage for signs of compromise
- Catalog all encrypted devices
- Review logs and sessions to determine the time frame of the ransomware attack and to identify any potential lateral migration from the originally infected system
- Understand the security gaps exploited to carry out the ransomware assault
- Look for the creation of executables associated with the original encrypted files or network compromise
- Parse Outlook PST files
- Examine attachments
- Separate any URLs embedded in messages and determine whether they are malicious
- Produce comprehensive incident reporting to meet your insurance and compliance requirements
- Recommend improvements to close security vulnerabilities and enforce processes that lower the exposure to a future ransomware breach
Progent has provided remote and on-premises IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned advanced certifications in foundation technologies such as Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants.) Progent also offers guidance in financial management and Enterprise Resource Planning software. This breadth of expertise allows Progent to identify and consolidate the undamaged parts of your information system following a ransomware assault and reconstruct them quickly into a functioning network. Progent has collaborated with top cyber insurance providers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Augusta-Richmond County
To learn more about how Progent can help your Augusta-Richmond County organization with ransomware forensics, call 1-800-993-9400 or visit Contact Progent.