Overview of Progent's Ransomware Forensics Investigation and Reporting in Columbus
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and carry out a detailed forensics analysis without impeding activity required for business resumption and data restoration. Your Columbus organization can utilize Progent's forensics report to combat future ransomware attacks, assist in the cleanup of lost data, and comply with insurance and regulatory mandates.
Ransomware forensics analysis involves discovering and describing the ransomware assault's progress across the network from beginning to end. This audit trail of how a ransomware attack travelled within the network helps you to assess the damage and uncovers gaps in policies or work habits that should be rectified to avoid future break-ins. Forensics is commonly given a high priority by the cyber insurance provider and is typically mandated by state and industry regulations. Since forensic analysis can take time, it is essential that other important activities like business resumption are pursued concurrently. Progent has a large roster of IT and cybersecurity experts with the skills required to carry out activities for containment, business continuity, and data restoration without interfering with forensic analysis.
Ransomware forensics investigation is complicated and requires close cooperation with the groups assigned to data cleanup and, if needed, settlement discussions with the ransomware threat actor. Forensics typically involves reviewing logs, the registry, Group Policy Objects, AD, DNS, routers, firewalls, schedulers, and basic Windows systems to check for anomalies.
Activities associated with forensics investigation include:
- Isolate all possibly affected devices from the network, but avoid shutting them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, modifying admin credentials and user passwords, and implementing 2FA to guard your backups.
- Copy forensically sound images of all exposed devices so the data recovery team can get started
- Preserve firewall, VPN, and other key logs as soon as feasible
- Identify the kind of ransomware involved in the attack
- Inspect every machine and data store on the network as well as cloud storage for indications of encryption
- Inventory all encrypted devices
- Establish the kind of ransomware used in the assault
- Study logs and sessions to establish the timeline of the assault and to identify any potential lateral migration from the originally compromised system
- Understand the attack vectors exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the first encrypted files or network compromise
- Parse Outlook web archives
- Examine email attachments
- Extract URLs embedded in email messages and determine whether they are malicious
- Provide comprehensive attack reporting to satisfy your insurance and compliance mandates
- List recommendations to shore up security gaps and enforce workflows that reduce the exposure to a future ransomware exploit
Progent has provided remote and on-premises network services throughout the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have been awarded advanced certifications in foundation technologies such as Cisco networking, VMware, and popular Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also has top-tier support in financial and Enterprise Resource Planning applications. This broad array of skills gives Progent the ability to salvage and integrate the undamaged parts of your network after a ransomware intrusion and reconstruct them quickly into an operational system. Progent has collaborated with leading cyber insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Columbus
To find out more about ways Progent can help your Columbus organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.