Progent's Ransomware Forensics and Reporting Services in Memphis
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and perform a comprehensive forensics analysis without slowing down activity related to business resumption and data restoration. Your Memphis organization can utilize Progent's post-attack ransomware forensics documentation to block future ransomware assaults, assist in the cleanup of encrypted data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics involves determining and describing the ransomware attack's progress across the targeted network from beginning to end. This history of how a ransomware assault travelled through the network helps your IT staff to evaluate the damage and highlights weaknesses in rules or work habits that should be rectified to prevent later break-ins. Forensics is typically given a high priority by the cyber insurance provider and is often required by government and industry regulations. Since forensic analysis can take time, it is essential that other important recovery processes like operational continuity are executed in parallel. Progent has an extensive roster of information technology and security experts with the knowledge and experience required to perform the work of containment, operational resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics analysis is time consuming and calls for close interaction with the groups focused on data recovery and, if needed, settlement talks with the ransomware threat actor. Forensics typically involves the examination of logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for anomalies.
Services involved with forensics investigation include:
- Disconnect all possibly affected devices from the network, but avoid shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to secure backups.
- Preserve forensically complete duplicates of all suspect devices so the file restoration group can proceed
- Save firewall, virtual private network, and additional key logs as soon as possible
- Identify the kind of ransomware involved in the assault
- Inspect every computer and data store on the network as well as cloud storage for signs of encryption
- Inventory all encrypted devices
- Establish the type of ransomware used in the assault
- Review log activity and sessions to establish the time frame of the ransomware attack and to identify any potential lateral movement from the first infected system
- Identify the attack vectors used to carry out the ransomware assault
- Look for the creation of executables surrounding the first encrypted files or system compromise
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs embedded in messages and check whether they are malicious
- Provide detailed attack reporting to meet your insurance and compliance requirements
- Document recommended improvements to shore up cybersecurity gaps and improve workflows that lower the risk of a future ransomware breach
Progent has delivered remote and on-premises network services throughout the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications such as CISM, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial management and ERP applications. This broad array of expertise allows Progent to salvage and consolidate the surviving pieces of your IT environment after a ransomware attack and reconstruct them quickly into a viable network. Progent has worked with leading insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in Memphis
To learn more about how Progent can assist your Memphis organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.