Progent's Ransomware Forensics Investigation and Reporting in Fremont
Progent's ransomware forensics experts can preserve the system state after a ransomware assault and perform a detailed forensics investigation without disrupting the processes required for operational continuity and data restoration. Your Fremont organization can utilize Progent's forensics report to block subsequent ransomware attacks, validate the restoration of encrypted data, and meet insurance and governmental requirements.
Ransomware forensics is aimed at discovering and documenting the ransomware assault's storyline throughout the network from start to finish. This history of how a ransomware attack travelled within the network helps you to assess the impact and brings to light vulnerabilities in rules or work habits that should be rectified to avoid later breaches. Forensics is typically given a high priority by the cyber insurance carrier and is often mandated by government and industry regulations. Since forensic analysis can take time, it is vital that other key recovery processes like business resumption are executed in parallel. Progent maintains a large roster of information technology and data security experts with the skills needed to carry out the work of containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics analysis is arduous and requires close cooperation with the groups assigned to file cleanup and, if necessary, settlement talks with the ransomware Threat Actor (TA). Ransomware forensics can involve the review of logs, registry, Group Policy Object, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Activities associated with forensics investigation include:
- Detach all potentially suspect devices from the network without shutting them down. This can involve closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to protect backups.
- Capture forensically valid digital images of all exposed devices so the file recovery team can get started
- Save firewall, VPN, and additional critical logs as soon as possible
- Identify the kind of ransomware involved in the attack
- Survey each computer and storage device on the network including cloud-hosted storage for signs of encryption
- Catalog all encrypted devices
- Establish the type of ransomware involved in the assault
- Review logs and sessions in order to establish the time frame of the ransomware assault and to spot any possible lateral movement from the originally infected system
- Identify the security gaps used to perpetrate the ransomware assault
- Search for the creation of executables surrounding the original encrypted files or system breach
- Parse Outlook PST files
- Examine email attachments
- Extract URLs from messages and check whether they are malicious
- Produce extensive attack documentation to satisfy your insurance carrier and compliance mandates
- Suggest recommendations to shore up security vulnerabilities and enforce processes that lower the exposure to a future ransomware breach
Progent has delivered online and on-premises network services throughout the United States for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technology platforms including Cisco networking, VMware, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and GIAC. Progent also offers guidance in financial and Enterprise Resource Planning applications. This breadth of skills allows Progent to salvage and consolidate the undamaged parts of your network following a ransomware intrusion and rebuild them quickly into a viable network. Progent has collaborated with leading insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in Fremont
To learn more about ways Progent can help your Fremont business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.