Overview of Progent's Ransomware Forensics Analysis and Reporting in Sydney
Progent's ransomware forensics consultants can capture the system state after a ransomware attack and perform a comprehensive forensics analysis without disrupting activity required for business resumption and data recovery. Your Sydney organization can utilize Progent's ransomware forensics documentation to combat subsequent ransomware attacks, validate the recovery of lost data, and meet insurance carrier and governmental requirements.
Ransomware forensics analysis is aimed at tracking and documenting the ransomware attack's progress across the network from beginning to end. This audit trail of how the attack moved through the network helps you assess the impact and uncovers gaps in policies or processes that should be rectified to prevent later breaches. Forensics is typically assigned a top priority by the cyber insurance provider and is often required by government and industry regulations. Since forensics can take time, it is essential that other key recovery processes such as business continuity are performed in parallel. Progent has an extensive team of IT and security professionals with the knowledge and experience required to carry out containment, operational resumption, and data restoration without interfering with the forensic analysis.
Ransomware forensics investigation is arduous and requires close cooperation with the groups focused on data cleanup and, if necessary, settlement negotiation with the ransomware operator. Forensics typically requires the examination of event logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows system files to look for changes made by the attacker.
Activities associated with forensics include:
- Isolate all potentially compromised devices from the network without powering them off, so volatile evidence in memory is not lost. This can require closing exposed RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and enforcing two-factor authentication on access to backups
- Capture forensically sound disk and memory images of all affected devices before remediation begins, so the data recovery team can proceed without destroying evidence
- Preserve firewall, VPN, and other critical logs as soon as possible, before retention limits overwrite them
- Identify the ransomware family and the specific variant used in the attack
- Examine each machine and data store on the network, including cloud-hosted storage, for signs of encryption
- Inventory all encrypted devices
- Review logs and user sessions to establish the timeline of the ransomware attack and to spot any lateral movement from the first infected system to other hosts
- Identify the attack vectors exploited to perpetrate the ransomware assault
- Look for new executables associated with the first encrypted files or system compromise
- Parse Outlook mail archives for the phishing messages that may have delivered the initial payload
- Analyze attachments
- Extract URLs embedded in email messages and determine whether they lead to malware
- Provide extensive incident reporting to satisfy your insurance and compliance mandates
- Document recommendations to close security gaps and improve workflows that lower the exposure to a future ransomware breach
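As an added illustration of several of the checklist items above (timeline reconstruction, locating the first encrypted files and the executables that preceded them, identifying the attack vector, spotting lateral movement from the first infected host, and extracting URLs from phishing email), the following Python script is example code written for this page; it is not Progent's tooling. It runs over a constructed set of Windows Security log records (event IDs 4624 logon, 4688 process creation, and 4663 object access); every host name, IP address, user name, file path, timestamp, and email body is invented, and it assumes that the variant under investigation appends a `.locked` extension and that 10.0.0.0/8 is the organization's internal range.

```python
"""
Added example, not Progent's own tooling: reconstruct a ransomware timeline from
constructed Windows Security log records and pull out the facts the forensics
checklist asks for. All hosts, IPs, users, paths, timestamps and mail are made up.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse


@dataclass
class Event:
    ts: datetime
    host: str       # computer that recorded the event
    event_id: int   # 4624 logon, 4688 process start, 4663 object access
    data: dict      # selected EventData fields as exported from the log


# Constructed asset inventory and assumptions for this example.
HOST_IPS = {"WS-17": "10.0.5.17", "FS-01": "10.0.5.50", "DC-01": "10.0.5.10"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
RANSOM_EXT = ".locked"  # assumed extension appended by the variant under investigation

# Constructed sample records, deliberately out of time order, as pulled from several hosts.
SAMPLE_EVENTS = [
    Event(datetime(2024, 3, 2, 2, 5), "FS-01", 4624, {"LogonType": "3", "TargetUserName": "jdoe", "IpAddress": "10.0.5.17"}),
    Event(datetime(2024, 3, 2, 1, 42), "WS-17", 4688, {"NewProcessName": r"C:\Users\jdoe\AppData\Local\Temp\svchosts.exe"}),
    Event(datetime(2024, 3, 1, 23, 55), "WS-17", 4624, {"LogonType": "2", "TargetUserName": "jdoe", "IpAddress": "-"}),
    Event(datetime(2024, 3, 2, 2, 10), "FS-01", 4663, {"ObjectName": r"D:\Shares\Finance\Q1.xlsx.locked", "AccessMask": "0x2"}),
    Event(datetime(2024, 3, 2, 1, 40), "WS-17", 4624, {"LogonType": "10", "TargetUserName": "jdoe", "IpAddress": "198.51.100.23"}),
    Event(datetime(2024, 3, 2, 2, 7), "FS-01", 4688, {"NewProcessName": r"C:\Windows\Temp\svchosts.exe"}),
    Event(datetime(2024, 3, 2, 2, 30), "DC-01", 4624, {"LogonType": "3", "TargetUserName": "jdoe", "IpAddress": "10.0.5.17"}),
]

# Constructed phishing message body used for the URL extraction check.
SAMPLE_EMAIL = "Your invoice is ready: http://198.51.100.23/inv.exe (copy at https://example.com/doc)"


def build_timeline(events):
    """Order records from every host by timestamp; this is the audit trail the report is built on."""
    return sorted(events, key=lambda e: e.ts)


def first_encryption(events, ext=RANSOM_EXT):
    """Earliest write to a file carrying the ransom extension: when and where encryption started."""
    hits = [e for e in build_timeline(events)
            if e.event_id == 4663 and e.data.get("ObjectName", "").lower().endswith(ext)]
    return hits[0] if hits else None


def initial_access(events):
    """Earliest RDP logon (type 10) from outside the internal ranges: the likely attack vector."""
    for e in build_timeline(events):
        if e.event_id != 4624 or e.data.get("LogonType") != "10":
            continue
        ip = e.data.get("IpAddress", "-")
        if ip == "-":
            continue
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in INTERNAL_NETS):
            return e
    return None


def lateral_movement(events, origin_host, since):
    """Network/RDP logons on other hosts sourced from the origin host's IP after it was compromised."""
    src_ip = HOST_IPS[origin_host]
    return [e for e in build_timeline(events)
            if e.event_id == 4624 and e.host != origin_host and e.ts >= since
            and e.data.get("LogonType") in ("3", "10") and e.data.get("IpAddress") == src_ip]


def new_executables(events, before, window=timedelta(hours=1)):
    """Process starts in the window leading up to the first encryption: candidate ransomware binaries."""
    return [e for e in build_timeline(events)
            if e.event_id == 4688 and before - window <= e.ts <= before]


URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def extract_urls(email_body, trusted_hosts=frozenset()):
    """URLs embedded in a message body; each is flagged for review unless its host is trusted.
    IP-literal hosts are always flagged."""
    results = []
    for url in URL_RE.findall(email_body):
        host = urlparse(url).hostname or ""
        try:
            ipaddress.ip_address(host)
            is_ip = True
        except ValueError:
            is_ip = False
        results.append((url, is_ip or host not in trusted_hosts))
    return results


if __name__ == "__main__":
    access = initial_access(SAMPLE_EVENTS)
    enc = first_encryption(SAMPLE_EVENTS)
    print("initial access :", access.ts, access.host, "from", access.data["IpAddress"])
    print("first encrypted:", enc.ts, enc.host, enc.data["ObjectName"])
    for e in new_executables(SAMPLE_EVENTS, enc.ts):
        print("new executable :", e.ts, e.host, e.data["NewProcessName"])
    for e in lateral_movement(SAMPLE_EVENTS, access.host, access.ts):
        print("lateral move   :", e.ts, "->", e.host, "as", e.data["TargetUserName"])
    for url, flagged in extract_urls(SAMPLE_EMAIL, {"example.com"}):
        print("url            :", url, "REVIEW" if flagged else "trusted")
```

In a real engagement the records would come from exported EVTX files or a SIEM rather than an inline list, and the ransom extension, internal ranges, and host inventory would be filled in from the case at hand; the logic stays the same.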
Progent has delivered remote and onsite IT services across the United States for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have been awarded advanced certifications in core technologies such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security consultants have earned internationally recognized certifications such as CISM, CISSP, and CRISC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning software. This breadth of expertise gives Progent the ability to salvage and integrate the surviving pieces of your network after a ransomware attack and reconstruct them rapidly into a viable system. Progent has collaborated with leading insurance providers including Chubb to assist businesses in cleaning up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Services in Sydney
To learn more about how Progent can help your Sydney business with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.