Overview of Progent's Ransomware Forensics and Reporting in Boise
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and perform a comprehensive forensic analysis without impeding the processes related to operational continuity and data restoration. Your Boise organization can use Progent's ransomware forensics documentation to combat future ransomware assaults, assist in the recovery of lost data, and comply with insurance and governmental reporting requirements.
Ransomware forensics is aimed at tracking and describing the ransomware assault's storyline across the targeted network from beginning to end. This audit trail of how a ransomware assault travelled through the network helps your IT staff to assess the damage and brings to light gaps in rules or processes that should be corrected to prevent future breaches. Forensic analysis is usually given a high priority by the cyber insurance carrier and is typically mandated by state and industry regulations. Since forensic analysis can take time, it is essential that other important activities such as operational resumption are executed concurrently. Progent has an extensive team of information technology and security professionals with the knowledge and experience needed to perform the work of containment, operational continuity, and data restoration without interfering with forensic analysis.
Ransomware forensics is complex and calls for close cooperation with the groups assigned to file restoration and, if needed, settlement talks with the ransomware threat actor. Forensics can involve the review of logs, registry, GPO, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for anomalies.
Activities associated with forensics investigation include:
- Disconnect all potentially suspect devices from the network without shutting them down. This may involve closing all RDP ports and Internet-facing NAS devices, changing admin credentials and user passwords, and setting up two-factor authentication to guard your backups.
- Create forensically complete duplicates of all suspect devices so your file recovery team can get started
- Save firewall, VPN, and other key logs as quickly as feasible
- Determine the version of ransomware involved in the attack
- Inspect each computer and data store on the network including cloud-hosted storage for indications of compromise
- Catalog all encrypted devices
- Establish the type of ransomware involved in the attack
- Review log activity and user sessions to establish the timeline of the assault and to identify any potential lateral movement from the originally compromised machine
- Identify the security gaps exploited to carry out the ransomware assault
- Search for new executables associated with the original encrypted files or network compromise
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from messages and check to see if they are malicious
- Produce comprehensive attack reporting to satisfy your insurance carrier and compliance mandates
- Suggest recommendations to shore up security vulnerabilities and improve workflows that reduce the exposure to a future ransomware exploit
Progent has provided remote and on-premises IT services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned high-level certifications in foundation technologies such as Cisco infrastructure, VMware, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, and GIAC. Progent also offers guidance in financial and ERP applications. This scope of expertise gives Progent the ability to identify and integrate the surviving pieces of your information system following a ransomware intrusion and rebuild them quickly into a viable network. Progent has collaborated with leading cyber insurance providers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Boise
To find out more about how Progent can assist your Boise organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.