Progent's Ransomware Forensics and Reporting in Columbus
Progent's ransomware forensics experts can capture the system state after a ransomware attack and carry out a detailed forensics investigation without impeding activity related to business continuity and data restoration. Your Columbus business can utilize Progent's post-attack ransomware forensics documentation to combat future ransomware assaults, validate the recovery of lost data, and meet insurance and governmental mandates.
Ransomware forensics is aimed at discovering and describing the ransomware attack's progress across the network from beginning to end. This history of the way a ransomware assault progressed within the network helps your IT staff to assess the damage and highlights vulnerabilities in security policies or processes that need to be corrected to prevent later breaches. Forensics is typically given a high priority by the insurance provider and is typically required by state and industry regulations. Since forensics can take time, it is vital that other key activities such as operational continuity are pursued concurrently. Progent maintains a large team of IT and security experts with the skills required to carry out activities for containment, business resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics is time-consuming and calls for close cooperation with the groups assigned to data cleanup and, if needed, payment discussions with the ransomware threat actor. Ransomware forensics can require the examination of all logs, registry, GPO, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to check for changes.
Activities involved with forensics include:
- Disconnect all potentially affected devices from the network without shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring 2FA to guard backups.
- Preserve forensically complete digital images of all exposed devices so your data recovery team can proceed
- Preserve firewall, VPN, and other key logs as soon as feasible
- Determine the version of ransomware used in the attack
- Inspect every computer and data store on the system including cloud-hosted storage for signs of encryption
- Catalog all encrypted devices
- Establish the kind of ransomware used in the assault
- Review logs and sessions to determine the timeline of the ransomware assault and to identify any possible lateral migration from the first compromised machine
- Identify the security gaps exploited to carry out the ransomware attack
- Look for the creation of executables surrounding the original encrypted files or system compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in email messages and determine if they are malicious
- Produce comprehensive incident reporting to satisfy your insurance and compliance mandates
- Suggest recommended improvements to close cybersecurity gaps and enforce workflows that lower the risk of a future ransomware exploit
Progent has delivered remote and on-premises network services across the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have been awarded advanced certifications in foundation technology platforms such as Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISA, CISSP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial management and ERP application software. This broad array of skills allows Progent to identify and integrate the undamaged parts of your IT environment following a ransomware attack and reconstruct them quickly into an operational network. Progent has worked with top cyber insurance providers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Columbus
To find out more about ways Progent can assist your Columbus business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.