Overview of Progent's Ransomware Forensics Investigation and Reporting in Phoenix
Progent's ransomware forensics consultants can capture the system state after a ransomware attack and carry out a comprehensive forensics investigation without slowing down the processes required for operational resumption and data restoration. Your Phoenix organization can use Progent's forensics report to combat subsequent ransomware assaults, assist in the recovery of lost data, and meet insurance and regulatory reporting requirements.
Ransomware forensics is aimed at discovering and describing the ransomware assault's progress across the targeted network from start to finish. This history of the way a ransomware attack travelled within the network helps your IT staff to assess the damage and uncovers shortcomings in policies or work habits that need to be rectified to prevent later break-ins. Forensics is commonly assigned a top priority by the insurance provider and is often required by government and industry regulations. Since forensic analysis can take time, it is critical that other key activities such as business continuity are performed concurrently. Progent maintains a large team of IT and cybersecurity professionals with the skills required to carry out activities for containment, operational continuity, and data recovery without disrupting forensics.
Ransomware forensics analysis is time-consuming and requires close interaction with the groups assigned to file cleanup and, if needed, settlement negotiation with the ransomware hacker. Ransomware forensics can involve the examination of logs, registry, GPO, Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Services associated with forensics analysis include:
- Isolate all possibly affected devices from the system without shutting them off. This may require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing 2FA to guard your backups.
- Create forensically valid digital images of all suspect devices so the data restoration group can get started
- Preserve firewall, VPN, and other key logs as soon as feasible
- Determine the strain of ransomware used in the attack
- Examine every computer and storage device on the system including cloud storage for indications of encryption
- Inventory all encrypted devices
- Determine the type of ransomware involved in the attack
- Review log activity and user sessions in order to establish the time frame of the ransomware assault and to spot any potential lateral movement from the originally compromised machine
- Understand the attack vectors used to perpetrate the ransomware attack
- Look for executables created around the time of the first encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from email messages and determine whether they are malicious
- Provide extensive attack documentation to meet your insurance and compliance requirements
- List recommended improvements to close security vulnerabilities and improve workflows to reduce exposure to a future ransomware exploit
Progent has delivered online and on-premises IT services throughout the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have earned high-level certifications in core technology platforms such as Cisco infrastructure, VMware, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications such as CISA, CISSP, and GIAC. Progent also has top-tier support in financial and Enterprise Resource Planning application software. This breadth of expertise allows Progent to salvage and integrate the undamaged parts of your network following a ransomware attack and reconstruct them rapidly into a viable system. Progent has worked with top cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Phoenix
To find out more about how Progent can assist your Phoenix business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.