Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Memphis
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and carry out a detailed forensics investigation without interfering with the processes required for business resumption and data recovery. Your Memphis business can utilize Progent's post-attack forensics documentation to counter future ransomware assaults, validate the cleanup of encrypted data, and comply with insurance and governmental reporting requirements.
A ransomware forensics investigation aims to discover and describe the attack's progression across the targeted network from beginning to end. This audit trail of how the attack moved through the network helps you assess the impact and uncovers weaknesses in rules or work habits that need to be corrected to prevent future break-ins. Forensics is typically assigned a top priority by the insurance carrier and is typically mandated by state and industry regulations. Because forensics can take time, it is vital that other key recovery processes such as operational resumption are performed concurrently. Progent has a large team of information technology and security professionals with the skills needed to perform the work of containment, operational continuity, and data recovery without disrupting forensic analysis.
Ransomware forensics analysis is complex and requires close interaction with the teams focused on file cleanup and, if needed, settlement talks with the ransomware Threat Actor (TA). Ransomware forensics can involve the review of logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to detect changes.
Services associated with forensics investigation include:
- Isolate all potentially compromised devices from the network without shutting them down. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and setting up 2FA to protect your backups.
- Capture forensically sound digital images of all exposed devices so your file recovery group can proceed
- Save firewall, VPN, and other critical logs as soon as possible
- Determine the type of ransomware involved in the assault
- Survey every computer and data store on the system including cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Establish the type of ransomware used in the attack
- Study log activity and sessions to establish the time frame of the attack and to identify any possible lateral movement from the originally compromised system
- Understand the security gaps exploited to carry out the ransomware assault
- Search for new executables that appeared around the first encrypted files or the initial system breach
- Parse Outlook web archives
- Examine attachments
- Extract URLs from email messages and determine whether they are malicious
- Produce extensive incident documentation to meet your insurance and compliance mandates
- Recommend ways to close security vulnerabilities and enforce workflows that lower the exposure to a future ransomware breach
Progent's Background
Progent has delivered online and on-premises IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes professionals who have been awarded high-level certifications in core technologies including Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISA, CISSP, and CRISC. Progent also offers guidance in financial and Enterprise Resource Planning application software. This breadth of skills gives Progent the ability to identify and integrate the surviving parts of your network following a ransomware assault and rebuild them rapidly into a functioning system. Progent has worked with top cyber insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Memphis
To learn more about how Progent can help your Memphis business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.