Progent's Ransomware Forensics and Reporting in Guarulhos
Progent's ransomware forensics consultants can save the system state after a ransomware attack and perform a detailed forensics analysis without impeding activity related to operational resumption and data restoration. Your Guarulhos organization can utilize Progent's forensics report to counter future ransomware attacks, assist in the cleanup of encrypted data, and meet insurance and governmental reporting requirements.
Ransomware forensics analysis involves determining and documenting the ransomware attack's storyline throughout the network from start to finish. This history of the way a ransomware attack travelled through the network helps you assess the damage and brings to light shortcomings in policies or work habits that should be corrected to prevent future breaches. Forensics is commonly assigned a top priority by the insurance carrier and is often mandated by government and industry regulations. Because forensic analysis can take time, it is vital that other key activities like business resumption are executed in parallel. Progent maintains an extensive team of IT and security professionals with the skills needed to carry out activities for containment, business resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics analysis is time consuming and calls for close cooperation with the groups focused on file restoration and, if needed, payment negotiation with the ransomware adversary. Forensics typically requires the review of all logs, registry, Group Policy Objects, AD, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for anomalies.
Services associated with forensics analysis include:
- Isolate all potentially suspect devices from the network, but avoid shutting them off. This may require closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring 2FA to secure your backups.
- Create forensically complete duplicates of all exposed devices so your data recovery team can proceed
- Preserve firewall, VPN, and additional key logs as quickly as possible
- Establish the version of ransomware used in the assault
- Examine each machine and storage device on the network as well as cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Establish the kind of ransomware used in the attack
- Review log activity and sessions to establish the timeline of the ransomware assault and to spot any possible lateral movement from the originally infected system
- Understand the security gaps used to perpetrate the ransomware assault
- Look for the creation of executables associated with the original encrypted files or network compromise
- Parse Outlook PST files
- Examine email attachments
- Separate any URLs embedded in messages and determine whether they are malicious
- Produce extensive incident documentation to meet your insurance carrier and compliance requirements
- Suggest recommendations to close security gaps and improve workflows that reduce the risk of a future ransomware breach
Progent's Background
Progent has provided remote and onsite network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have been awarded advanced certifications in core technology platforms including Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP, and GIAC. Progent also has expertise in financial management and Enterprise Resource Planning applications. This breadth of expertise allows Progent to identify and integrate the undamaged parts of your information system following a ransomware intrusion and reconstruct them rapidly into a functioning system. Progent has worked with leading insurance providers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Guarulhos
To find out more about how Progent can assist your Guarulhos business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.