Overview of Progent's Ransomware Forensics Investigation and Reporting in Kansas City
Progent's ransomware forensics experts can preserve the system state after a ransomware attack and perform a detailed forensics investigation without disrupting activity related to operational continuity and data recovery. Your Kansas City business can use Progent's post-attack forensics documentation to block subsequent ransomware attacks, assist in the cleanup of lost data, and meet insurance and governmental reporting requirements.
Ransomware forensics involves tracking and documenting the ransomware assault's storyline throughout the network from start to finish. This audit trail of how a ransomware assault travelled through the network helps you evaluate the damage and uncovers vulnerabilities in rules or work habits that need to be rectified to avoid future break-ins. Forensic analysis is commonly given a high priority by the insurance carrier and is often mandated by state and industry regulations. Because forensics can take time, it is critical that other important activities such as business resumption are performed concurrently. Progent maintains an extensive team of information technology and cybersecurity experts with the knowledge and experience needed to perform activities for containment, business resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics investigation is time consuming and calls for close coordination with the teams responsible for data cleanup and, if necessary, settlement discussions with the ransomware threat actor. Forensics typically involves the examination of logs, registry, GPO, AD, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for anomalies.
Services involved with forensics analysis include:
- Isolate all possibly affected devices from the network without shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure your backups.
- Create forensically complete digital images of all suspect devices so your file restoration group can get started
- Save firewall, virtual private network, and additional critical logs as quickly as possible
- Determine the version of ransomware used in the assault
- Survey each machine and data store on the system including cloud storage for indications of encryption
- Inventory all compromised devices
- Determine the kind of ransomware involved in the assault
- Study log activity and user sessions to establish the time frame of the ransomware attack and to identify any potential lateral movement from the first compromised machine
- Identify the security gaps exploited to carry out the ransomware attack
- Look for executables created around the time of the first encrypted files or system breach
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs embedded in email messages and determine whether they are malicious
- Produce detailed incident documentation to satisfy your insurance carrier and compliance mandates
- List recommendations to close cybersecurity gaps and improve workflows in ways that reduce exposure to a future ransomware exploit
Progent has delivered online and on-premises network services throughout the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have been awarded advanced certifications in foundation technologies such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers guidance in financial management and ERP application software. This broad array of expertise gives Progent the ability to salvage and consolidate the undamaged parts of your network after a ransomware assault and reconstruct them rapidly into an operational network. Progent has worked with leading insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Services in Kansas City
To learn more about how Progent can assist your Kansas City business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.