Progent's Ransomware Forensics Investigation and Reporting in Campinas
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and carry out a comprehensive forensics analysis without slowing down the processes required for business resumption and data recovery. Your Campinas organization can use Progent's post-attack ransomware forensics documentation to counter subsequent ransomware attacks, validate the recovery of encrypted data, and meet insurance carrier and regulatory requirements.
Ransomware forensics analysis is aimed at determining and describing the ransomware attack's storyline across the network from beginning to end. This audit trail of how a ransomware assault progressed through the network helps you to assess the impact and brings to light weaknesses in policies or processes that should be corrected to avoid later break-ins. Forensics is typically given a high priority by the insurance provider and is often mandated by government and industry regulations. Since forensic analysis can take time, it is essential that other key activities like operational resumption are pursued in parallel. Progent maintains an extensive team of IT and data security experts with the skills required to carry out activities for containment, operational continuity, and data restoration without disrupting forensics.
Ransomware forensics investigation is arduous and requires close interaction with the teams focused on file recovery and, if needed, settlement discussions with the ransomware attacker. Ransomware forensics can involve the examination of logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS, routers, firewalls, schedulers, and basic Windows systems to look for anomalies.
Activities involved with forensics analysis include:
- Detach all potentially affected devices from the network without shutting them down. This may require closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring 2FA to guard backups.
- Preserve forensically complete images of all suspect devices so your file restoration group can proceed
- Preserve firewall, VPN, and additional critical logs as quickly as feasible
- Identify the type of ransomware used in the attack
- Examine every computer and storage device on the network including cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Review logs and user sessions in order to determine the timeline of the attack and to identify any possible lateral migration from the first infected machine
- Understand the attack vectors exploited to carry out the ransomware assault
- Look for new executables associated with the original encrypted files or network breach
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs from email messages and determine whether they are malicious
- Provide detailed incident documentation to meet your insurance and regulatory compliance requirements
- List recommended improvements to close cybersecurity vulnerabilities and improve processes that reduce the risk of a future ransomware exploit
Progent has provided online and on-premises network services across the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in core technology platforms such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. Progent also provides guidance in financial management and ERP application software. This broad array of skills allows Progent to salvage and consolidate the undamaged parts of your IT environment after a ransomware attack and reconstruct them rapidly into a viable network. Progent has collaborated with top insurance providers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Campinas
To find out more about how Progent can help your Campinas organization with ransomware forensics investigation, call 1-800-993-9400.