Progent's Ransomware Forensics Investigation and Reporting in Tampa
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and carry out a detailed forensics analysis without interfering with activity required for business continuity and data recovery. Your Tampa organization can utilize Progent's post-attack ransomware forensics documentation to counter future ransomware attacks, validate the recovery of lost data, and comply with insurance carrier and regulatory mandates.
Ransomware forensics analysis involves tracking and describing the ransomware assault's progress throughout the network from beginning to end. This history of how a ransomware attack progressed within the network helps you to assess the damage and highlights shortcomings in policies or work habits that need to be corrected to avoid later break-ins. Forensic analysis is typically given a high priority by the insurance carrier and is often required by state and industry regulations. Since forensic analysis can be time consuming, it is vital that other key recovery processes such as operational resumption are executed in parallel. Progent has an extensive team of information technology and data security experts with the knowledge and experience needed to carry out the work of containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics investigation is time consuming and calls for close interaction with the teams responsible for data cleanup and, if necessary, payment negotiation with the ransomware hacker. Ransomware forensics typically involves examining all logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for anomalies.
Activities associated with forensics investigation include:
- Disconnect all potentially impacted devices from the network, but avoid shutting them down. This may involve closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Create forensically sound digital images of all exposed devices so your file recovery group can proceed
- Save firewall, virtual private network, and additional key logs as soon as possible
- Establish the version of ransomware used in the assault
- Inspect each machine and storage device on the system as well as cloud-hosted storage for signs of encryption
- Inventory all encrypted devices
- Establish the type of ransomware involved in the assault
- Study logs and sessions in order to determine the time frame of the assault and to identify any possible lateral movement from the first compromised system
- Understand the attack vectors exploited to perpetrate the ransomware attack
- Search for new executables associated with the first encrypted files or system compromise
- Parse Outlook PST files
- Examine attachments
- Extract URLs from messages and check whether they are malicious
- Produce detailed attack documentation to meet your insurance and compliance regulations
- List recommended improvements to shore up cybersecurity gaps and improve processes that lower the exposure to a future ransomware breach
Progent's Qualifications
Progent has provided remote and on-premises IT services across the United States for more than two decades and has been awarded Microsoft's Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have earned high-level certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's data security experts have earned internationally recognized certifications such as CISA, CISSP, and CRISC. Progent also offers guidance in financial and Enterprise Resource Planning application software. This breadth of expertise gives Progent the ability to identify and consolidate the surviving pieces of your network following a ransomware assault and reconstruct them rapidly into a functioning system. Progent has collaborated with top cyber insurance providers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Tampa
To find out more information about ways Progent can help your Tampa organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.