Overview of Progent's Ransomware Forensics Investigation and Reporting Services in Atlanta
Progent's ransomware forensics experts can preserve the evidence of a ransomware attack and carry out a comprehensive forensics investigation without slowing down the processes related to business resumption and data restoration. Your Atlanta business can use Progent's post-attack ransomware forensics documentation to counter future ransomware assaults, assist in the recovery of encrypted data, and meet insurance and governmental mandates.
Ransomware forensics investigation involves tracking and describing the ransomware attack's progress across the targeted network from beginning to end. This history of the way a ransomware attack travelled within the network helps your IT staff to assess the impact and brings to light gaps in rules or work habits that should be corrected to avoid later break-ins. Forensic analysis is typically given a high priority by the insurance provider and is typically mandated by state and industry regulations. Since forensic analysis can be time-consuming, it is essential that other important recovery processes like business continuity are pursued in parallel. Progent has a large roster of IT and data security professionals with the knowledge and experience needed to carry out the work of containment, business continuity, and data recovery without disrupting forensics.
Ransomware forensics analysis is arduous and requires close cooperation with the teams focused on data restoration and, if necessary, settlement negotiation with the ransomware Threat Actor. Forensics can involve the examination of all logs, registry, Group Policy Object, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for changes.
Activities involved with forensics investigation include:
- Disconnect all possibly impacted devices from the network, but avoid shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to secure your backups.
- Create forensically complete duplicates of all suspect devices so the data recovery team can proceed
- Preserve firewall, VPN, and other critical logs as soon as possible
- Determine the kind of ransomware used in the assault
- Examine every machine and storage device on the network including cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Determine the type of ransomware involved in the assault
- Review log activity and sessions to establish the timeline of the ransomware assault and to spot any potential lateral movement from the originally compromised system
- Understand the security gaps exploited to carry out the ransomware assault
- Search for the creation of executables associated with the first encrypted files or network compromise
- Parse Outlook PST files
- Examine attachments
- Separate URLs from email messages and determine whether they are malicious
- Produce extensive attack reporting to meet your insurance carrier and compliance requirements
- List recommendations to shore up cybersecurity gaps and enforce workflows that reduce the risk of a future ransomware exploit
Progent has delivered online and onsite IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have been awarded high-level certifications in foundation technologies such as Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP, and GIAC. (Refer to certifications earned by Progent consultants.) Progent also offers guidance in financial and Enterprise Resource Planning software. This scope of skills gives Progent the ability to identify and integrate the undamaged pieces of your information system after a ransomware assault and reconstruct them quickly into a functioning system. Progent has collaborated with top cyber insurance carriers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Atlanta
To find out more about how Progent can help your Atlanta business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.