Overview of Progent's Ransomware Forensics Analysis and Reporting in Phoenix
Progent's ransomware forensics experts can save the evidence of a ransomware attack and perform a comprehensive forensics analysis without disrupting the processes related to operational continuity and data recovery. Your Phoenix business can utilize Progent's post-attack forensics documentation to combat future ransomware assaults, assist in the recovery of encrypted data, and meet insurance and governmental mandates.
Ransomware forensics involves discovering and documenting the ransomware attack's storyline across the network from start to finish. This audit trail of how a ransomware attack travelled within the network helps you evaluate the damage and uncovers weaknesses in security policies or work habits that need to be corrected to avoid later break-ins. Forensics is commonly assigned a top priority by the cyber insurance provider and is typically mandated by state and industry regulations. Since forensics can take time, it is vital that other important activities like business continuity are executed in parallel. Progent maintains a large team of IT and security experts with the skills needed to carry out activities for containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics analysis is complicated and requires close interaction with the teams focused on data restoration and, if necessary, payment talks with the ransomware attacker. Ransomware forensics can involve reviewing all logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS servers, routers, firewalls, schedulers, and basic Windows systems to look for changes.
Services involved with forensics investigation include:
- Disconnect all possibly affected devices from the network without shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to protect your backups.
- Preserve forensically sound digital images of all suspect devices so your file recovery team can get started
- Preserve firewall, VPN, and additional key logs as soon as possible
- Establish the kind of ransomware involved in the attack
- Inspect every machine and data store on the system including cloud storage for signs of compromise
- Catalog all compromised devices
- Determine the kind of ransomware involved in the assault
- Study logs and user sessions in order to establish the time frame of the ransomware assault and to identify any potential lateral movement from the originally infected machine
- Understand the security gaps used to perpetrate the ransomware attack
- Look for the creation of executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs embedded in messages and check to see whether they are malicious
- Produce extensive incident documentation to satisfy your insurance and compliance requirements
- Document recommendations to close cybersecurity vulnerabilities and improve processes that reduce the exposure to a future ransomware exploit
Progent has provided online and on-premises IT services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes professionals who have earned high-level certifications in core technologies such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. (See Progent's certifications.) Progent also has top-tier support in financial management and Enterprise Resource Planning applications. This breadth of skills allows Progent to identify and consolidate the surviving pieces of your network following a ransomware assault and reconstruct them quickly into a functioning network. Progent has worked with top insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in Phoenix
To learn more about how Progent can help your Phoenix business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.