Progent's Ransomware Forensics Analysis and Reporting Services in Atlanta
Progent's ransomware forensics experts can capture the system state after a ransomware attack and carry out a detailed forensics analysis without disrupting activity related to operational resumption and data restoration. Your Atlanta organization can use Progent's post-attack forensics documentation to counter subsequent ransomware assaults, validate the restoration of lost data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics analysis is aimed at tracking and describing the ransomware attack's storyline throughout the targeted network from beginning to end. This audit trail of how a ransomware attack progressed through the network helps you assess the impact and uncovers vulnerabilities in rules or processes that need to be rectified to prevent future break-ins. Forensic analysis is usually assigned a high priority by the insurance carrier and is often required by government and industry regulations. Because forensics can take time, it is vital that other key recovery processes like operational continuity are pursued concurrently. Progent has a large roster of IT and security experts with the skills needed to perform the work of containment, operational resumption, and data recovery without disrupting forensics.
Ransomware forensics investigation is complex and calls for close cooperation with the teams responsible for file recovery and, if necessary, payment negotiation with the ransomware threat actor. Ransomware forensics typically requires the examination of all logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, schedulers, and core Windows systems to look for changes.
Services associated with forensics analysis include:
- Isolate all potentially suspect devices from the network, but avoid shutting them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and configuring 2FA to guard backups.
- Capture forensically sound images of all suspect devices so your file restoration team can proceed
- Preserve firewall, virtual private network, and additional key logs as soon as feasible
- Identify the version of ransomware used in the assault
- Examine every computer and storage device on the system including cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Determine the kind of ransomware used in the attack
- Review logs and sessions to determine the time frame of the ransomware attack and to spot any potential lateral movement from the originally infected system
- Understand the attack vectors used to carry out the ransomware attack
- Search for the creation of executables associated with the first encrypted files or network breach
- Parse Outlook PST files
- Analyze attachments
- Separate any URLs embedded in email messages and check to see if they are malicious
- Provide detailed attack reporting to meet your insurance and compliance mandates
- Document recommended improvements to shore up security vulnerabilities and enforce processes that lower the risk of a future ransomware breach
Progent's Qualifications
Progent has delivered remote and onsite network services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have been awarded high-level certifications in core technologies including Cisco networking, VMware, and popular Linux distros. Progent's data security experts have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. Progent also offers top-tier support in financial management and ERP software. This scope of skills gives Progent the ability to identify and consolidate the undamaged parts of your information system following a ransomware intrusion and reconstruct them rapidly into a functioning network. Progent has collaborated with leading cyber insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Atlanta
To learn more about how Progent can help your Atlanta organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.