Progent's Ransomware Forensics Investigation and Reporting in San Jose
Progent's ransomware forensics consultants can capture the evidence of a ransomware assault and perform a comprehensive forensics investigation without interfering with activity related to operational continuity and data restoration. Your San Jose business can utilize Progent's post-attack ransomware forensics documentation to counter subsequent ransomware attacks, validate the cleanup of encrypted data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics investigation is aimed at determining and documenting the ransomware attack's storyline throughout the network from beginning to end. This history of how the attack travelled through the network helps you evaluate the damage and brings to light shortcomings in security policies or processes that should be rectified to prevent future breaches. Forensics is typically given a high priority by the insurance carrier and is often required by state and industry regulations. Since forensics can be time-consuming, it is critical that other important activities such as operational resumption are performed concurrently. Progent maintains a large roster of information technology and cybersecurity experts with the knowledge and experience needed to carry out containment, business resumption, and data recovery without interfering with forensics.
Ransomware forensics is time-consuming and requires close interaction with the teams focused on file recovery and, if necessary, with those handling settlement discussions with the ransomware threat actor. Forensics can require the review of logs, the registry, GPOs, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to look for changes.
Activities involved with forensics include:
- Disconnect all potentially affected devices from the network without powering them off. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring 2FA to secure your backups.
- Preserve forensically complete images of all exposed devices so your data restoration group can get started
- Preserve firewall, virtual private network, and other key logs as quickly as feasible
- Determine the version of ransomware used in the attack
- Examine each machine and storage device on the network including cloud-hosted storage for signs of encryption
- Inventory all compromised devices
- Determine the type of ransomware involved in the assault
- Study log activity and user sessions to determine the timeline of the ransomware assault and to identify any lateral movement from the first compromised machine
- Identify the attack vectors exploited to carry out the ransomware attack
- Search for the creation of executables surrounding the original encrypted files or network breach
- Parse Outlook PST files
- Analyze email attachments
- Extract URLs from messages and check whether they lead to malware
- Provide comprehensive attack reporting to meet your insurance and compliance regulations
- Suggest recommended improvements to shore up security gaps and improve processes that reduce the exposure to a future ransomware breach
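As an added illustration of the timeline and lateral-movement steps above (not Progent's own tooling), the following script correlates constructed logon, file-creation and file-rename events from several hosts to find the first host that saw encryption, the executables dropped on each host, and host-to-host logons that indicate lateral movement. The log format, host names and `.locked` extension are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): timestamp|host|event|key=value fields
SAMPLE_LOG = r"""
2024-03-01T02:10:05|WS-17|logon|user=jdoe src=203.0.113.9 type=rdp
2024-03-01T02:12:40|WS-17|file_create|path=C:\Users\jdoe\AppData\Local\Temp\svc.exe
2024-03-01T02:14:02|WS-17|file_rename|path=C:\Share\q1.xlsx.locked
2024-03-01T02:20:11|FS-01|logon|user=jdoe src=WS-17 type=smb
2024-03-01T02:21:30|FS-01|file_create|path=C:\Windows\Temp\svc.exe
2024-03-01T02:25:00|FS-01|file_rename|path=D:\Data\report.docx.locked
2024-03-01T02:30:00|WS-03|logon|user=admin src=FS-01 type=rdp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\|(?P<host>[^|]+)\|(?P<event>[^|]+)\|(?P<detail>.*)$")

def parse_events(text):
    """Parse the pipe-delimited log into dicts sorted by timestamp; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["fields"] = dict(kv.split("=", 1) for kv in e["detail"].split())
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def build_timeline(events, enc_ext=".locked"):
    """Return (first encryption time per host, dropped executables per host, lateral logon hops)."""
    first_enc, dropped, hops = {}, defaultdict(list), []
    known_hosts = {e["host"] for e in events}
    for e in events:
        host, f = e["host"], e["fields"]
        path = f.get("path", "").lower()
        if e["event"] == "file_rename" and path.endswith(enc_ext) and host not in first_enc:
            first_enc[host] = e["ts"]                      # first sign of encryption on this host
        elif e["event"] == "file_create" and path.endswith(".exe"):
            dropped[host].append((e["ts"], f["path"]))      # executable created near the encryption
        elif e["event"] == "logon" and f.get("src") in known_hosts and f["src"] != host:
            hops.append((e["ts"], f["src"], host, f.get("user")))  # logon from another known host
    return first_enc, dict(dropped), hops

def patient_zero(first_enc):
    """Host with the earliest observed encryption, or None if nothing was encrypted."""
    return min(first_enc, key=first_enc.get) if first_enc else None
```

Running `build_timeline(parse_events(SAMPLE_LOG))` on the sample shows WS-17 encrypting first, a copy of the same executable landing on FS-01 after a logon from WS-17, and a further hop from FS-01 to WS-03.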
Progent has delivered remote and on-premises IT services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SBEs includes professionals who have been awarded high-level certifications in core technologies such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial and Enterprise Resource Planning applications. This broad array of skills allows Progent to salvage and consolidate the undamaged pieces of your information system after a ransomware assault and reconstruct them quickly into an operational network. Progent has worked with leading cyber insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in San Jose
To find out more about how Progent can help your San Jose organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.