Overview of Progent's Ransomware Forensics and Reporting in Columbus
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and carry out a comprehensive forensics analysis without interfering with activity required for operational continuity and data recovery. Your Columbus organization can use Progent's forensics report to combat subsequent ransomware attacks, assist in the recovery of lost data, and comply with insurance carrier and governmental reporting requirements.
Ransomware forensics analysis is aimed at discovering and documenting the ransomware attack's progress throughout the network from beginning to end. This audit trail of how a ransomware attack travelled within the network helps you to assess the impact and brings to light shortcomings in policies or processes that should be corrected to prevent later breaches. Forensic analysis is commonly given a top priority by the cyber insurance carrier and is typically required by state and industry regulations. Since forensics can take time, it is essential that other important recovery processes like operational continuity are pursued concurrently. Progent has a large roster of information technology and data security professionals with the skills required to carry out the work of containment, business resumption, and data restoration without disrupting forensics.
Ransomware forensics investigation is complicated and calls for close cooperation with the groups assigned to data restoration and, if necessary, settlement discussions with the ransomware attacker. Ransomware forensics typically requires the review of logs, registry, GPO, Active Directory, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for changes.
Activities involved with forensics investigation include:
- Disconnect all potentially affected devices from the network without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing 2FA to secure backups.
- Create forensically sound digital images of all exposed devices so your file recovery group can proceed
- Preserve firewall, virtual private network, and other key logs as soon as possible
- Identify the variety of ransomware involved in the attack
- Survey every computer and storage device on the network including cloud-hosted storage for signs of compromise
- Catalog all compromised devices
- Determine the type of ransomware involved in the assault
- Review log activity and sessions in order to establish the timeline of the assault and to identify any possible lateral movement from the first infected machine
- Understand the security gaps exploited to carry out the ransomware assault
- Search for new executables surrounding the first encrypted files or system breach
- Parse Outlook PST files
- Examine email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Provide comprehensive incident reporting to satisfy your insurance carrier and compliance mandates
- Recommend improvements to shore up cybersecurity vulnerabilities and improve processes that reduce the exposure to a future ransomware breach
Progent's Background
Progent has delivered online and onsite IT services across the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in foundation technologies including Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned internationally recognized certifications including CISM, CISSP, and CRISC. Progent also has top-tier support in financial and ERP application software. This scope of expertise gives Progent the ability to identify and consolidate the undamaged parts of your information system after a ransomware assault and reconstruct them rapidly into a functioning network. Progent has worked with leading insurance carriers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Columbus
To find out more information about ways Progent can help your Columbus organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.