Progent's Ransomware Forensics Analysis and Reporting in Memphis
Progent's ransomware forensics consultants can save the system state after a ransomware assault and perform a detailed forensics analysis without disrupting the processes related to operational resumption and data recovery. Your Memphis organization can use Progent's post-attack forensics documentation to counter future ransomware attacks, validate the recovery of lost data, and comply with insurance and regulatory requirements.
Ransomware forensics analysis is aimed at discovering and documenting the ransomware assault's storyline across the targeted network from beginning to end. This history of how a ransomware assault travelled through the network helps you evaluate the impact and brings to light weaknesses in policies or work habits that need to be rectified to avoid future break-ins. Forensics is typically assigned a top priority by the insurance carrier and is often required by state and industry regulations. Since forensics can take time, it is critical that other key recovery processes like business continuity are performed concurrently. Progent has an extensive team of IT and security experts with the skills needed to carry out the work of containment, operational resumption, and data recovery without disrupting forensics.
Ransomware forensics investigation is time-consuming and requires close interaction with the teams assigned to data cleanup and, if necessary, payment talks with the ransomware threat actor. Ransomware forensics typically requires the review of logs, registry, GPO, AD, DNS, routers, firewalls, schedulers, and core Windows systems to detect changes.
Services associated with forensics include:
- Disconnect all possibly affected devices from the network, but avoid shutting them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, modifying admin credentials and user passwords, and setting up 2FA to protect backups.
- Capture forensically complete images of all suspect devices so the data recovery group can proceed
- Save firewall, virtual private network, and additional critical logs as quickly as feasible
- Identify the version of ransomware involved in the assault
- Inspect every machine and data store on the system including cloud-hosted storage for indications of encryption
- Catalog all encrypted devices
- Establish the kind of ransomware involved in the attack
- Study log activity and sessions to establish the time frame of the attack and to identify any possible lateral movement from the originally compromised system
- Identify the attack vectors used to carry out the ransomware assault
- Look for new executables associated with the first encrypted files or system compromise
- Parse Outlook PST files
- Analyze attachments
- Separate any URLs embedded in messages and determine whether they are malicious
- Produce comprehensive attack documentation to satisfy your insurance and regulatory compliance requirements
- Document recommended improvements to close cybersecurity gaps and improve workflows that lower the risk of a future ransomware breach
Progent has provided online and onsite IT services across the United States for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes consultants who have been awarded advanced certifications in foundation technologies including Cisco infrastructure, VMware, and major distributions of Linux. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning software. This scope of expertise allows Progent to salvage and consolidate the undamaged pieces of your network following a ransomware intrusion and rebuild them rapidly into a viable system. Progent has collaborated with top cyber insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in Memphis
To learn more about how Progent can assist your Memphis organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.