Overview of Progent's Ransomware Forensics Investigation and Reporting in Porto Alegre
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and perform a comprehensive forensics investigation without disrupting activity required for business resumption and data restoration. Your Porto Alegre business can use Progent's post-attack ransomware forensics documentation to combat future ransomware attacks, validate the restoration of lost data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensics investigation involves discovering and documenting the ransomware attack's progress across the network from start to finish. This audit trail of how a ransomware attack progressed through the network helps your IT staff to assess the damage and uncovers vulnerabilities in policies or processes that should be corrected to prevent later break-ins. Forensics is commonly given a top priority by the insurance carrier and is typically required by government and industry regulations. Because forensics can take time, it is vital that other key recovery processes such as business resumption are pursued concurrently. Progent has a large team of IT and cybersecurity professionals with the skills required to perform the work of containment, business resumption, and data restoration without disrupting forensics.
Ransomware forensics investigation is time consuming and calls for close interaction with the groups responsible for file cleanup and, if needed, payment talks with the ransomware hacker. Ransomware forensics typically require the examination of logs, registry, Group Policy Object, AD, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for anomalies.
Activities involved with forensics include:
- Disconnect but avoid shutting off all possibly affected devices from the network. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet facing NAS storage, changing admin credentials and user passwords, and setting up 2FA to secure backups.
- Copy forensically sound duplicates of all exposed devices so your data recovery group can get started
- Save firewall, virtual private network, and additional key logs as soon as possible
- Determine the strain of ransomware used in the assault
- Survey every machine and data store on the system including cloud storage for signs of encryption
- Catalog all encrypted devices
- Determine the kind of ransomware involved in the attack
- Review logs and user sessions in order to establish the timeline of the ransomware attack and to identify any possible lateral movement from the first infected machine
- Identify the security gaps used to perpetrate the ransomware attack
- Look for new executables surrounding the first encrypted files or system compromise
- Parse Outlook PST files
- Examine email attachments
- Extract URLs embedded in messages and determine if they are malware
- Produce detailed incident documentation to meet your insurance and compliance requirements
- List recommended improvements to close cybersecurity vulnerabilities and improve workflows that lower the risk of a future ransomware breach
Progent's Background
Progent has delivered online and onsite network services throughout the United States for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes professionals who have earned high-level certifications in core technologies such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial management and ERP applications. This scope of expertise gives Progent the ability to salvage and consolidate the surviving parts of your information system after a ransomware assault and rebuild them quickly into a functioning system. Progent has collaborated with top cyber insurance carriers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Porto Alegre
To learn more information about ways Progent can assist your Porto Alegre organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.