Overview of Progent's Ransomware Forensics Investigation and Reporting in Jersey City
Progent's ransomware forensics experts can preserve the system state after a ransomware assault and perform a detailed forensics investigation without disrupting the processes required for operational resumption and data recovery. Your Jersey City business can use Progent's post-attack ransomware forensics report to counter subsequent ransomware assaults, validate the cleanup of encrypted data, and comply with insurance carrier and governmental requirements.
Ransomware forensics involves discovering and describing the ransomware attack's progress throughout the network from beginning to end. This audit trail of how a ransomware assault travelled within the network helps your IT staff assess the damage and brings to light weaknesses in policies or work habits that need to be rectified to prevent future breaches. Forensics is commonly given a top priority by the cyber insurance provider and is typically required by state and industry regulations. Since forensics can take time, it is essential that other key activities such as business resumption are executed concurrently. Progent maintains an extensive team of information technology and cybersecurity experts with the skills required to carry out the work of containment, operational continuity, and data recovery without disrupting forensic analysis.
Ransomware forensics investigation is arduous and calls for close interaction with the teams responsible for data restoration and, if needed, settlement talks with the ransomware Threat Actor (TA). Ransomware forensics typically involves the review of logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS servers, routers, firewalls, schedulers, and basic Windows systems to look for changes.
Activities associated with forensics analysis include:
- Disconnect all possibly impacted devices from the network without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Create forensically sound digital images of all suspect devices so the file restoration team can proceed
- Preserve firewall, virtual private network, and other key logs as quickly as possible
- Identify the version of ransomware involved in the attack
- Inspect each computer and storage device on the network as well as cloud-hosted storage for indications of compromise
- Catalog all encrypted devices
- Determine the type of ransomware involved in the attack
- Review log activity and user sessions in order to establish the time frame of the ransomware assault and to spot any potential lateral migration from the first infected machine
- Understand the attack vectors used to carry out the ransomware assault
- Search for the creation of executables associated with the original encrypted files or network breach
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs from messages and determine whether they are malicious
- Provide comprehensive incident reporting to satisfy your insurance carrier and compliance mandates
- Suggest recommendations to close cybersecurity gaps and enforce workflows that reduce the risk of a future ransomware breach
Progent has provided online and onsite network services throughout the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have earned advanced certifications in core technologies such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also has top-tier support in financial and ERP software. This scope of skills gives Progent the ability to salvage and integrate the undamaged parts of your network following a ransomware assault and rebuild them rapidly into a functioning network. Progent has worked with top insurance providers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Services in Jersey City
To learn more about how Progent can assist your Jersey City business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.