Overview of Progent's Ransomware Forensics Investigation and Reporting in Sydney
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and perform a comprehensive forensics investigation without slowing down activity related to business continuity and data restoration. Your Sydney business can use Progent's post-attack ransomware forensics documentation to combat subsequent ransomware attacks, validate the recovery of lost data, and meet insurance and governmental mandates.
Ransomware forensics is aimed at tracking and documenting the ransomware assault's storyline across the targeted network from start to finish. This audit trail of how the attack travelled within the network helps your IT staff evaluate the damage and uncovers gaps in security policies or work habits that need to be corrected to prevent later breaches. Forensic analysis is commonly given a high priority by the insurance provider and is typically mandated by government and industry regulations. Since forensic analysis can take time, it is essential that other key recovery processes like operational resumption are pursued in parallel. Progent maintains an extensive team of information technology and security professionals with the knowledge and experience needed to perform containment, operational resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics is complex and calls for close cooperation with the teams focused on file cleanup and, if necessary, payment negotiations with the ransomware threat actor. Forensics typically involves the review of all logs, the registry, GPOs, Active Directory, DNS, routers, firewalls, schedulers, and core Windows systems to look for anomalies.
Services involved with forensics analysis include:
- Disconnect all possibly affected devices from the network without powering them off, so that volatile evidence is preserved. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing 2FA to secure backups.
- Preserve forensically valid duplicates of all exposed devices so your data restoration team can proceed
- Preserve firewall, VPN, and additional critical logs as quickly as feasible
- Establish the kind of ransomware involved in the attack
- Inspect each computer and data store on the network including cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Review log activity and sessions in order to establish the timeline of the attack and to spot any potential lateral movement from the originally compromised machine
- Understand the attack vectors exploited to carry out the ransomware attack
- Look for new executables surrounding the original encrypted files or system compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in email messages and determine whether they lead to malware
- Produce comprehensive incident documentation to satisfy your insurance and compliance requirements
- Document recommended improvements to close security vulnerabilities and improve workflows that reduce the risk of a future ransomware exploit
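The log-review step above (preserve the log, then reconstruct the timeline and spot lateral movement from the first compromised machine) can be sketched in code. This is an added example, not Progent's tooling: it hashes a constructed Windows Security log extract before analysis, then walks remote logon events (4624, logon types 3 and 10) against an assumed host inventory to separate the external entry point from internal hops.

```python
import hashlib
from datetime import datetime

# Constructed sample Security log extract (fields: timestamp, host, event id,
# logon type, source address, account). Not taken from any real incident.
SAMPLE_LOG = """\
2024-03-01T02:10:05 WS-17 4624 10 203.0.113.9 CORP\\jdoe
2024-03-01T02:14:30 WS-17 4688 - - powershell.exe
2024-03-01T02:21:11 FS-01 4624 3 10.0.5.17 CORP\\jdoe
2024-03-01T02:22:40 FS-01 4688 - - vssadmin.exe
2024-03-01T02:35:02 DC-01 4624 3 10.0.5.40 CORP\\svc-backup
2024-03-01T03:02:19 DC-01 4624 2 - CORP\\admin
"""

# Assumed host inventory (hostname -> internal IP) from the inventory step.
HOST_IPS = {"WS-17": "10.0.5.17", "FS-01": "10.0.5.40", "DC-01": "10.0.5.2"}
REMOTE_LOGON_TYPES = {"3", "10"}  # Network and RemoteInteractive (RDP)

def evidence_hash(text):
    """SHA-256 of the preserved log extract, recorded before analysis starts."""
    return hashlib.sha256(text.encode()).hexdigest()

def parse_log(text):
    """Parse one event per line and return them in chronological order."""
    events = []
    for line in text.splitlines():
        ts, host, event_id, logon_type, src, account = line.split(maxsplit=5)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "event": event_id, "logon_type": logon_type,
                       "src": src, "account": account})
    return sorted(events, key=lambda e: e["ts"])

def build_timeline(events, host_ips):
    """Return remote logons as (kind, origin, target, account, time) tuples.
    kind is 'external' when the source is outside the inventory (entry point)
    and 'lateral' when it is another inventoried host (a hop)."""
    ip_to_host = {ip: h for h, ip in host_ips.items()}
    timeline = []
    for e in events:
        if e["event"] != "4624" or e["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # skip local/console logons and non-logon events
        origin = ip_to_host.get(e["src"])
        kind = "lateral" if origin else "external"
        timeline.append((kind, origin or e["src"], e["host"], e["account"], e["ts"]))
    return timeline

def patient_zero(timeline):
    """Earliest host reached from outside the inventory, if any."""
    external = [t for t in timeline if t[0] == "external"]
    return external[0][2] if external else None
```

On the sample data the timeline shows an RDP logon from an external address to WS-17, then network logons WS-17 to FS-01 and FS-01 to DC-01 under a different account, which is the kind of chain the report's attack-vector and lateral-movement sections are built from.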
Progent's Background
Progent has provided online and on-premises IT services across the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in core technology platforms such as Cisco networking, VMware, and popular distributions of Linux. Progent's data security consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning application software. This breadth of expertise gives Progent the ability to salvage and consolidate the undamaged parts of your information system following a ransomware attack and reconstruct them quickly into a functioning system. Progent has worked with top cyber insurance carriers like Chubb to assist organizations in recovering from ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Sydney
To find out more about ways Progent can assist your Sydney business with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.