Progent's Ransomware Forensics and Reporting Services in Columbus
Progent's ransomware forensics consultants can capture the system state after a ransomware attack and perform a detailed forensics investigation without slowing down the processes required for business resumption and data recovery. Your Columbus business can use Progent's post-attack ransomware forensics documentation to combat subsequent ransomware assaults, assist in the recovery of lost data, and meet insurance carrier and governmental mandates.
Ransomware forensics is aimed at tracking and documenting the ransomware assault's progress across the targeted network from beginning to end. This history of the way a ransomware attack travelled within the network helps your IT staff to evaluate the damage and highlights shortcomings in security policies or processes that need to be corrected to avoid future breaches. Forensic analysis is typically given a high priority by the insurance provider and is often required by government and industry regulations. Because forensic analysis can take time, it is essential that other key recovery processes like business resumption are executed concurrently. Progent has a large team of information technology and cybersecurity experts with the skills required to perform activities for containment, business resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics analysis is complex and calls for close cooperation with the groups assigned to data cleanup and, if necessary, payment negotiation with the ransomware hacker. Ransomware forensics typically involves the examination of logs, registry, Group Policy Object, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Activities involved with forensics investigation include:
- Isolate all potentially impacted devices from the network without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to guard your backups.
- Create forensically sound copies of all suspect devices so your data recovery team can get started
- Preserve firewall, VPN, and other critical logs as soon as possible
- Establish the version of ransomware used in the assault
- Survey every computer and storage device on the network as well as cloud storage for indications of encryption
- Catalog all compromised devices
- Determine the kind of ransomware used in the assault
- Study log activity and sessions to establish the timeline of the assault and to spot any possible lateral movement from the originally compromised system
- Understand the attack vectors used to carry out the ransomware assault
- Look for new executables surrounding the first encrypted files or system compromise
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs embedded in email messages and check whether they are malicious
- Produce detailed attack reporting to satisfy your insurance and compliance requirements
- Suggest recommendations to close security vulnerabilities and enforce processes that reduce the risk of a future ransomware breach
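The step "Look for new executables surrounding the first encrypted files" can be scripted against a file listing taken from a forensic copy. The following is an added example, not Progent's tooling; the `.locked` marker extension, the two-hour window, the use of modification time, and all function names are assumptions to adjust per incident.

```python
import os
from datetime import datetime, timedelta, timezone
from pathlib import PurePath

ENCRYPTED_EXTS = {".locked"}  # assumption: marker extension, set per incident
EXECUTABLE_EXTS = {".exe", ".dll", ".ps1", ".bat", ".vbs", ".js"}

def utc(text):
    """Parse an ISO timestamp and mark it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def scan(root):
    """Yield (path, mtime in UTC) for each file under a read-only mounted copy."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                mtime = os.stat(full, follow_symlinks=False).st_mtime
            except OSError:
                continue  # unreadable entry: skip it, keep surveying
            yield full, datetime.fromtimestamp(mtime, tz=timezone.utc)

def ext(path):
    # Normalise Windows separators so the suffix parses on any host OS.
    return PurePath(path.replace("\\", "/")).suffix.lower()

def executables_near_first_encryption(records, window=timedelta(hours=2)):
    """Return (first encryption time, executables within +/- window of it)."""
    records = list(records)
    encrypted = [ts for path, ts in records if ext(path) in ENCRYPTED_EXTS]
    if not encrypted:
        return None, []  # no encrypted files seen on this device
    first = min(encrypted)
    hits = [(path, ts) for path, ts in records
            if ext(path) in EXECUTABLE_EXTS and abs(ts - first) <= window]
    return first, sorted(hits, key=lambda rec: rec[1])

# Constructed sample listing (not from a real incident).
SAMPLE = [
    (r"C:\Windows\System32\notepad.exe", utc("2021-03-01T08:00:00")),
    (r"C:\Users\Public\svc_update.exe", utc("2023-05-10T01:12:00")),
    (r"C:\ProgramData\run.ps1", utc("2023-05-10T01:40:00")),
    (r"D:\Shares\Finance\q1.xlsx.locked", utc("2023-05-10T02:05:00")),
    (r"D:\Shares\Finance\q2.xlsx.locked", utc("2023-05-10T02:06:00")),
    (r"C:\Tools\late.exe", utc("2023-05-12T09:00:00")),
]
```

Run `scan()` only against the forensic copy, never the live suspect device, and treat the output as leads to corroborate with logs, since file timestamps can be altered.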
Progent has provided remote and onsite network services across the United States for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes consultants who have earned advanced certifications in core technologies such as Cisco networking, VMware, and popular distributions of Linux. Progent's data security experts have earned prestigious certifications such as CISA, CISSP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also has top-tier support in financial management and Enterprise Resource Planning applications. This broad array of expertise gives Progent the ability to salvage and integrate the surviving parts of your network after a ransomware intrusion and reconstruct them quickly into a viable system. Progent has collaborated with top insurance providers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Services in Columbus
To learn more about how Progent can help your Columbus business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.