Progent's Ransomware Forensics Investigation and Reporting in The Woodlands
Progent's ransomware forensics experts can capture the evidence of a ransomware assault and carry out a detailed forensics investigation without slowing down activity related to operational resumption and data restoration. Your organization in The Woodlands can use Progent's post-attack forensics report to counter future ransomware assaults, validate the restoration of encrypted data, and comply with insurance carrier and regulatory reporting requirements.
Ransomware forensics is aimed at tracking and describing the ransomware assault's progress across the targeted network from beginning to end. This history of the way a ransomware assault progressed within the network helps you to assess the damage and uncovers vulnerabilities in rules or processes that should be rectified to prevent future breaches. Forensics is commonly assigned a high priority by the cyber insurance carrier and is often mandated by state and industry regulations. Since forensic analysis can be time consuming, it is essential that other key recovery processes like business resumption are performed concurrently. Progent maintains an extensive team of information technology and data security experts with the skills needed to carry out the work of containment, business resumption, and data restoration without interfering with forensics.
Ransomware forensics is arduous and requires close cooperation with the groups assigned to data recovery and, if needed, settlement discussions with the ransomware threat actor. Ransomware forensics typically involves the examination of all logs, the registry, GPOs, Active Directory, DNS, routers, firewalls, schedulers, and core Windows systems to detect changes.
Services associated with forensics include:
- Disconnect all possibly affected devices from the network without shutting them down, so that volatile evidence in memory is preserved. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and setting up 2FA to guard backups.
- Copy forensically valid images of all suspect devices so the file recovery team can get started
- Preserve firewall, VPN, and additional critical logs as quickly as feasible
- Identify the strain of ransomware involved in the attack
- Examine each computer and data store on the network including cloud storage for signs of compromise
- Catalog all encrypted devices
- Establish the type of ransomware used in the attack
- Study log activity and sessions to establish the timeline of the ransomware attack and to identify any lateral movement from the originally compromised machine
- Identify the attack vectors used to perpetrate the ransomware assault
- Search for new executables associated with the original encrypted files or network breach
- Parse Outlook PST files
- Examine email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Provide detailed incident documentation to meet your insurance and compliance mandates
- List recommended improvements to shore up cybersecurity gaps and improve workflows that reduce the risk of a future ransomware exploit
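The timeline and lateral-movement steps above are the core of the log analysis. As an added illustration (not Progent's own tooling), the following Python script reconstructs an attack timeline from constructed Windows Security logon records and flags the logons that have the shape of lateral movement: a successful logon (event 4624) whose source host differs from the target host, over a network (type 3) or RDP (type 10) session. The log lines, host names, account names and the pipe-separated field layout are all constructed for this example.

```python
"""
Reconstruct a ransomware attack timeline from Windows logon events and flag
possible lateral movement. Added illustration; the log lines, hosts and
accounts below are constructed and the field layout is an assumption.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

# Constructed sample records in the shape of exported Windows Security events:
# timestamp | event id | account | source host | target host | logon type
# 4624 = successful logon, 4625 = failed logon; type 3 = network, 10 = RDP
SAMPLE_LOG = """\
2024-03-01T02:10:05Z|4624|jdoe|WS-17|WS-17|2
2024-03-01T02:14:33Z|4624|jdoe|WS-17|FS-01|3
2024-03-01T02:15:02Z|4624|svc-backup|WS-17|FS-01|10
2024-03-01T02:20:41Z|4624|svc-backup|FS-01|DC-01|10
2024-03-01T02:21:10Z|4625|svc-backup|FS-01|DC-02|10
2024-03-01T02:45:00Z|4624|svc-backup|DC-01|WS-04|10
"""

LATERAL_LOGON_TYPES = (3, 10)


@dataclass(frozen=True)
class LogonEvent:
    ts: datetime
    event_id: int
    account: str
    source: str
    target: str
    logon_type: int


def parse_events(text: str) -> list[LogonEvent]:
    """Parse the pipe-separated export into events sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, acct, src, dst, lt = line.split("|")
        events.append(LogonEvent(
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            int(eid), acct, src, dst, int(lt)))
    return sorted(events, key=lambda e: e.ts)


def first_host(events: list[LogonEvent]) -> str:
    """Target of the earliest successful logon: the likely initial foothold."""
    return next(e.target for e in events if e.event_id == 4624)


def lateral_moves(events: list[LogonEvent]) -> list[LogonEvent]:
    """Successful remote logons where source and target hosts differ."""
    return [e for e in events
            if e.event_id == 4624 and e.source != e.target
            and e.logon_type in LATERAL_LOGON_TYPES]


def failed_moves(events: list[LogonEvent]) -> list[LogonEvent]:
    """Failed remote logons: attempted moves worth listing in the report."""
    return [e for e in events
            if e.event_id == 4625 and e.source != e.target
            and e.logon_type in LATERAL_LOGON_TYPES]


def movement_chains(events: list[LogonEvent]) -> dict[str, list[str]]:
    """Per account, the ordered path of hosts it moved through."""
    chains = {}
    for e in lateral_moves(events):
        chain = chains.setdefault(e.account, [e.source])
        if chain[-1] != e.source:
            chain.append(e.source)
        chain.append(e.target)
    return chains


def build_timeline(events: list[LogonEvent]) -> list[str]:
    """Human-readable timeline lines, with lateral moves marked."""
    moves = set(lateral_moves(events))
    lines = []
    for e in events:
        status = "OK " if e.event_id == 4624 else "FAIL"
        flag = " <-- lateral movement" if e in moves else ""
        lines.append(f"{e.ts:%Y-%m-%d %H:%M:%S} {status} {e.account:<11} "
                     f"{e.source} -> {e.target} (type {e.logon_type}){flag}")
    return lines


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("Initial foothold:", first_host(evs))
    print("\n".join(build_timeline(evs)))
    for account, path in movement_chains(evs).items():
        print(f"{account}: {' -> '.join(path)}")
```

Run against a real export, the same per-account chains are what the report's timeline section is built from: the first host gives the probable point of entry, each chain shows which credential carried the attacker between machines, and the failed entries show where an attempted hop was blocked and should be checked for partial compromise.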
Progent has provided online and on-premises IT services throughout the United States for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP, and CRISC. (See certifications earned by Progent consultants.) Progent also offers guidance in financial management and ERP applications. This breadth of expertise gives Progent the ability to salvage and integrate the undamaged pieces of your IT environment after a ransomware assault and rebuild them rapidly into a functioning network. Progent has collaborated with leading insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in The Woodlands
To learn more about how Progent can help your organization in The Woodlands with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.