Overview of Progent's Ransomware Forensics Investigation and Reporting in Las Vegas
Progent's ransomware forensics consultants can preserve the system state after a ransomware assault and perform a detailed forensics investigation without impeding activity related to business continuity and data restoration. Your Las Vegas organization can use Progent's ransomware forensics report to counter subsequent ransomware attacks, validate the recovery of lost data, and meet insurance and governmental reporting requirements.
Ransomware forensics analysis involves determining and describing the ransomware assault's progress across the network from start to finish. This audit trail of how a ransomware attack travelled within the network helps you assess the impact and exposes weaknesses in policies or work habits that should be corrected to prevent later break-ins. Forensics is usually assigned a top priority by the cyber insurance carrier and is typically required by state and industry regulations. Because forensic analysis can take time, it is essential that other key activities such as business resumption are pursued concurrently. Progent has a large roster of IT and data security experts with the skills required to perform the work of containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics analysis is complicated and calls for close coordination with the teams assigned to data cleanup and, if necessary, payment talks with the ransomware Threat Actor (TA). Ransomware forensics can involve the examination of logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, schedulers, and core Windows systems to detect anomalies.
Services associated with forensics investigation include:
- Isolate all possibly impacted devices from the network without shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring two-factor authentication to guard your backups.
- Capture forensically valid digital images of all exposed devices so the data recovery group can proceed
- Preserve firewall, virtual private network, and other key logs as quickly as feasible
- Determine the strain of ransomware involved in the attack
- Examine every computer and data store on the network including cloud-hosted storage for indications of encryption
- Catalog all encrypted devices
- Determine the type of ransomware used in the assault
- Review log activity and user sessions in order to determine the time frame of the attack and to identify any potential lateral movement from the first compromised system
- Identify the security gaps exploited to carry out the ransomware assault
- Search for executables created around the time of the first encrypted files or system breach
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs from email messages and determine whether they are malicious
- Provide detailed incident documentation to satisfy your insurance and compliance requirements
- List recommendations to shore up cybersecurity vulnerabilities and enforce workflows that reduce the exposure to a future ransomware exploit
Progent has delivered online and on-premises IT services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have earned high-level certifications in core technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP, and GIAC. Progent also has expertise in financial and Enterprise Resource Planning software. This scope of skills allows Progent to identify and integrate the undamaged pieces of your IT environment following a ransomware intrusion and reconstruct them rapidly into an operational network. Progent has worked with leading insurance carriers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Las Vegas
To find out more information about ways Progent can assist your Las Vegas organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.