Progent's Ransomware Forensics Analysis and Reporting in Kansas City
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and carry out a comprehensive forensics investigation without impeding activity related to operational continuity and data restoration. Your Kansas City organization can utilize Progent's forensics documentation to combat future ransomware attacks, assist in the recovery of lost data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics investigation involves discovering and describing the ransomware assault's storyline across the network from beginning to end. This audit trail of the way a ransomware attack progressed through the network helps you assess the damage and brings to light weaknesses in security policies or processes that need to be rectified to avoid future breaches. Forensics is commonly assigned a high priority by the insurance carrier and is often required by government and industry regulations. Since forensics can take time, it is essential that other key activities like operational resumption are pursued concurrently. Progent has a large team of IT and cybersecurity professionals with the skills needed to carry out activities for containment, operational resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics is time-consuming and calls for close cooperation with the teams assigned to data restoration and, if necessary, payment talks with the ransomware threat actor. Forensics typically requires the examination of logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and basic Windows systems to detect changes.
Services involved with forensics investigation include:
- Disconnect all potentially suspect devices from the system without shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Create forensically sound duplicates of all exposed devices so the data recovery group can proceed
- Preserve firewall, virtual private network, and other key logs as soon as possible
- Establish the variety of ransomware used in the attack
- Survey each computer and data store on the system as well as cloud storage for signs of compromise
- Catalog all compromised devices
- Determine the kind of ransomware used in the attack
- Study logs and user sessions to determine the time frame of the assault and to spot any possible lateral movement from the first compromised system
- Understand the security gaps exploited to carry out the ransomware attack
- Look for the creation of executables associated with the first encrypted files or network compromise
- Parse Outlook PST files
- Analyze attachments
- Extract URLs embedded in email messages and determine whether they are malicious
- Provide comprehensive attack documentation to meet your insurance carrier's requirements and compliance mandates
- Recommend improvements to shore up cybersecurity gaps and improve processes that lower the exposure to a future ransomware breach
Progent has provided remote and on-premises IT services throughout the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes consultants who have been awarded advanced certifications in foundation technology platforms such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned industry-recognized certifications including CISA, CISSP-ISSAP, and GIAC. Progent also has top-tier support in financial and ERP application software. This scope of skills gives Progent the ability to salvage and consolidate the undamaged parts of your information system after a ransomware intrusion and reconstruct them quickly into a functioning system. Progent has worked with top insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Kansas City
To learn more about how Progent can assist your Kansas City organization with ransomware forensics, call 1-800-993-9400 or see Contact Progent.