Progent's Ransomware Forensics Analysis and Reporting Services in Atlanta
Progent's ransomware forensics consultants can capture the evidence of a ransomware attack and perform a detailed forensics analysis without interfering with activity required for operational continuity and data recovery. Your Atlanta organization can utilize Progent's post-attack forensics report to combat subsequent ransomware attacks, assist in the recovery of encrypted data, and comply with insurance and governmental mandates.
Ransomware forensics analysis involves discovering and describing the ransomware attack's storyline across the network from beginning to end. This history of how a ransomware assault travelled within the network helps you assess the damage and highlights weaknesses in rules or processes that should be corrected to avoid future breaches. Forensics is usually assigned a top priority by the insurance carrier and is often required by government and industry regulations. Because forensic analysis can take time, it is essential that other key recovery processes like business resumption are performed concurrently. Progent has a large team of information technology and data security experts with the knowledge and experience needed to perform the work of containment, operational continuity, and data restoration without interfering with forensics.
Ransomware forensics investigation is arduous and calls for close cooperation with the teams responsible for data cleanup and, if necessary, payment negotiation with the ransomware Threat Actor (TA). Forensics typically involves the review of all logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for changes.
Activities involved with forensics analysis include:
- Isolate all possibly impacted devices from the network, but avoid shutting them down. This can require closing all RDP ports and Internet-facing network-attached storage, modifying admin credentials and user passwords, and implementing two-factor authentication to guard backups.
- Capture forensically valid duplicates of all exposed devices so the file restoration team can get started.
- Save firewall, VPN, and additional key logs as soon as feasible
- Identify the kind of ransomware used in the assault
- Examine each machine and data store on the system including cloud-hosted storage for indications of compromise
- Catalog all compromised devices
- Review logs and sessions in order to establish the timeline of the ransomware attack and to spot any possible lateral movement from the first infected system
- Identify the attack vectors used to carry out the ransomware assault
- Look for new executables surrounding the original encrypted files or system compromise
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs from messages and check whether they are malicious
- Produce detailed incident documentation to satisfy your insurance and compliance regulations
- Document recommendations to shore up cybersecurity vulnerabilities and enforce workflows that lower the exposure to a future ransomware exploit
Progent has delivered online and onsite IT services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware virtualization, and major Linux distributions. Progent's data security consultants have earned internationally recognized certifications including CISM, CISSP, and GIAC. (Refer to Progent's certifications.) Progent also offers guidance in financial and ERP software. This broad array of expertise gives Progent the ability to salvage and integrate the undamaged pieces of your information system following a ransomware attack and rebuild them rapidly into an operational network. Progent has worked with top insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Services in Atlanta
To find out more about how Progent can assist your Atlanta organization with ransomware forensics investigation, call 1-800-993-9400 or see Contact Progent.