Progent's Ransomware Forensics Investigation and Reporting Services in Columbus
Progent's ransomware forensics experts can save the evidence of a ransomware attack and carry out a detailed forensics investigation without impeding the processes related to business resumption and data recovery. Your Columbus business can use Progent's post-attack forensics report to combat future ransomware attacks, validate the recovery of lost data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware attack's storyline across the network from start to finish. This history of how a ransomware attack travelled through the network helps your IT staff evaluate the damage and uncovers weaknesses in policies or processes that should be corrected to avoid future breaches. Forensic analysis is typically given a high priority by the insurance provider and is often required by government and industry regulations. Since forensic analysis can be time consuming, it is critical that other important activities like business continuity are performed concurrently. Progent has a large team of IT and security professionals with the skills needed to carry out activities for containment, business continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics investigation is time consuming and requires close cooperation with the teams focused on data recovery and, if necessary, settlement discussions with the ransomware Threat Actor (TA). Forensics typically requires the examination of all logs, registry, Group Policy Object (GPO), AD, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Activities involved with forensics analysis include:
- Isolate all potentially affected devices from the system, but avoid shutting them down. This may require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring 2FA to guard backups.
- Create forensically complete duplicates of all exposed devices so the data recovery group can proceed
- Preserve firewall, virtual private network, and additional key logs as soon as possible
- Identify the variety of ransomware used in the assault
- Examine each computer and data store on the network including cloud storage for indications of compromise
- Inventory all compromised devices
- Determine the kind of ransomware used in the attack
- Study log activity and user sessions to determine the time frame of the ransomware attack and to identify any potential lateral movement from the first compromised system
- Understand the attack vectors exploited to carry out the ransomware attack
- Look for the creation of executables surrounding the first encrypted files or network compromise
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs from messages and determine whether they are malicious
- Produce extensive attack documentation to meet your insurance and compliance requirements
- Document recommended improvements to close security gaps and enforce workflows that reduce the exposure to a future ransomware exploit
Progent has delivered online and on-premises IT services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technologies such as Cisco networking, VMware, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP, and GIAC. (Refer to Progent's certifications). Progent also offers guidance in financial management and ERP application software. This scope of expertise allows Progent to salvage and integrate the surviving parts of your information system following a ransomware attack and reconstruct them rapidly into an operational system. Progent has collaborated with leading cyber insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in Columbus
To learn more about how Progent can help your Columbus organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.