Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Atlanta
Progent's ransomware forensics consultants can capture the system state after a ransomware assault and perform a comprehensive forensics investigation without disrupting the processes required for operational continuity and data recovery. Your Atlanta organization can utilize Progent's ransomware forensics documentation to combat subsequent ransomware attacks, assist in the restoration of lost data, and comply with insurance carrier and governmental mandates.
Ransomware forensics analysis is aimed at discovering and documenting the ransomware attack's progress throughout the network from start to finish. This history of how a ransomware assault travelled through the network helps you evaluate the impact and uncovers shortcomings in policies or work habits that should be corrected to prevent future break-ins. Forensics is commonly assigned a top priority by the cyber insurance carrier and is often mandated by state and industry regulations. Because forensic analysis can take time, it is critical that other key activities like business continuity are executed concurrently. Progent maintains a large team of information technology and security professionals with the knowledge and experience needed to perform activities for containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is arduous and requires close cooperation with the groups focused on data restoration and, if needed, settlement negotiation with the ransomware threat actor. Forensics can require the review of all logs, registry, GPO, Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to look for changes.
Activities involved with forensics analysis include:
- Detach all potentially impacted devices from the network without shutting them down. This may require closing all RDP ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and configuring 2FA to guard backups.
- Capture forensically complete digital images of all suspect devices so your file restoration group can get started
- Preserve firewall, virtual private network, and additional critical logs as soon as possible
- Establish the type of ransomware used in the attack
- Inspect each computer and data store on the network including cloud-hosted storage for signs of compromise
- Inventory all compromised devices
- Study log activity and user sessions to determine the timeline of the ransomware assault and to identify any potential lateral movement from the originally infected machine
- Identify the attack vectors exploited to perpetrate the ransomware attack
- Look for the creation of executables associated with the original encrypted files or network compromise
- Parse Outlook PST files
- Analyze attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Produce detailed incident documentation to satisfy your insurance carrier and compliance mandates
- Provide recommendations to remediate security vulnerabilities and enforce workflows that lower the risk of a future ransomware exploit
Progent's Background
Progent has provided remote and onsite IT services across the United States for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware, and popular distributions of Linux. Progent's data security experts have earned prestigious certifications such as CISA, CISSP, and GIAC. Progent also offers guidance in financial and Enterprise Resource Planning software. This scope of skills allows Progent to identify and integrate the surviving parts of your IT environment following a ransomware assault and reconstruct them rapidly into a functioning system. Progent has collaborated with top insurance providers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Atlanta
To learn more about how Progent can help your Atlanta organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.