Overview of Progent's Ransomware Forensics Investigation and Reporting in Webster
Progent's ransomware forensics experts can capture the system state after a ransomware attack and carry out a detailed forensics investigation without impeding activity related to operational resumption and data restoration. Your Webster organization can utilize Progent's post-attack forensics documentation to combat subsequent ransomware assaults, assist in the cleanup of lost data, and meet insurance and regulatory requirements.
Ransomware forensics investigation is aimed at discovering and documenting the ransomware attack's storyline throughout the network from beginning to end. This audit trail of how a ransomware attack progressed through the network assists your IT staff to assess the damage and highlights vulnerabilities in policies or work habits that need to be rectified to avoid later break-ins. Forensics is typically given a high priority by the insurance provider and is typically mandated by government and industry regulations. Since forensic analysis can be time consuming, it is critical that other important recovery processes such as business resumption are pursued concurrently. Progent maintains a large team of IT and cybersecurity experts with the skills required to perform the work of containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is time consuming and calls for close interaction with the teams responsible for data cleanup and, if necessary, payment negotiations with the ransomware attacker. Ransomware forensics can require the review of logs, the registry, GPOs, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows system files to check for changes.
Activities associated with forensics include:
- Isolate all potentially compromised devices from the network, but do not power them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing 2FA to protect backups.
- Preserve forensically sound disk images of all suspect devices so the data restoration team can proceed
- Preserve firewall, VPN, and additional key logs as soon as possible
- Determine the version of ransomware used in the attack
- Examine every computer and storage device on the system including cloud storage for indications of encryption
- Inventory all compromised devices
- Establish the type of ransomware involved in the attack
- Review log activity and sessions to establish the timeline of the ransomware attack and to spot any lateral movement from the originally compromised system
- Identify the attack vectors used to perpetrate the ransomware attack
- Search for executables created around the time of the first encrypted files or the initial system breach
- Parse Outlook web archives
- Analyze email attachments
- Extract any URLs embedded in messages and determine whether they lead to malware
- Provide detailed attack reporting to meet your insurance carrier and compliance mandates
- List recommendations to close cybersecurity vulnerabilities and enforce processes that reduce the exposure to a future ransomware exploit
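Several of the steps above (building the attack timeline from log activity, spotting lateral movement from the first compromised system, locating executables created just before encryption started, and extracting URLs from suspect messages) can be prototyped as a small triage script. The Python below is an added example and is not Progent's code or a description of its method: the log format, hostnames, user names, file paths, timestamps, and the email text are all constructed for illustration, and the 30-minute look-back window is an assumed tuning value.

```python
"""Ransomware forensics triage over constructed sample events (added example)."""
import re
from datetime import datetime, timedelta

# Constructed log lines in an assumed format: "<ISO time> <host> <event> key=value ...".
# Logon type 10 is a remote interactive (RDP) logon, type 3 a network logon.
SAMPLE_LOG = r"""
2024-03-02T01:12:07 WS-17 logon type=10 user=jdoe src=203.0.113.9
2024-03-02T01:14:30 WS-17 proc_create path=C:\Users\jdoe\AppData\Local\Temp\svc_update.exe
2024-03-02T01:20:11 FS-01 logon type=3 user=jdoe src=WS-17
2024-03-02T01:21:02 FS-01 proc_create path=C:\Windows\Temp\locker.exe
2024-03-02T01:22:45 FS-01 file_rename old=D:\Share\Q1.xlsx new=D:\Share\Q1.xlsx.locked
2024-03-02T01:23:01 FS-01 file_create path=D:\Share\HOW_TO_RECOVER.txt
2024-03-02T01:25:17 DC-01 logon type=3 user=jdoe src=WS-17
2024-03-02T02:40:00 WS-22 proc_create path=C:\ProgramData\Vendor\update.exe
"""

# Constructed phishing-style message body (hostnames and IP are documentation ranges).
SAMPLE_EMAIL = """\
Subject: Invoice 4471 overdue
Please review the attached statement or download it here:
https://invoice-portal.example.net/dl/4471 and http://198.51.100.23/update
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) ?(.*)$")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def parse_events(text):
    """Turn raw log lines into dicts sorted by time: the attack timeline."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of aborting the triage
        ts, host, kind, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        events.append({"time": datetime.fromisoformat(ts), "host": host, "kind": kind, **fields})
    return sorted(events, key=lambda e: e["time"])


def first_encryption(events):
    """Earliest rename that appends a new extension to an existing file name
    (report.xlsx -> report.xlsx.locked), a common encryption indicator; None if absent."""
    for e in events:
        if e["kind"] == "file_rename" and e.get("new", "").startswith(e.get("old", "") + "."):
            return e
    return None


def lateral_movement(events, patient_zero):
    """Follow logons whose source is an already-compromised host, in time order,
    so chains of hops are captured. Returns (time, src, dst) tuples."""
    compromised = {patient_zero}
    hops = []
    for e in events:
        if e["kind"] == "logon" and e.get("src") in compromised and e["host"] not in compromised:
            hops.append((e["time"], e["src"], e["host"]))
            compromised.add(e["host"])
    return hops


def executables_before(events, anchor, window=timedelta(minutes=30)):
    """Executables created in the window leading up to the first encryption
    indicator: candidates for the loader and the ransomware payload."""
    lo = anchor["time"] - window
    return [(e["time"], e["host"], e["path"]) for e in events
            if e["kind"] == "proc_create" and e.get("path", "").lower().endswith(".exe")
            and lo <= e["time"] <= anchor["time"]]


def extract_urls(message):
    """Pull URLs out of a message body and defang them (hxxp, [.]) so the
    report can be circulated without creating clickable links."""
    return [u.replace("http", "hxxp", 1).replace(".", "[.]") for u in URL_RE.findall(message)]


def triage(log_text):
    """Run the whole triage over one log and return the findings for the report."""
    events = parse_events(log_text)
    patient_zero = events[0]["host"]  # assumption: the earliest logged event is the initial foothold
    enc = first_encryption(events)
    return {
        "timeline": [(e["time"].isoformat(), e["host"], e["kind"]) for e in events],
        "patient_zero": patient_zero,
        "hops": lateral_movement(events, patient_zero),
        "first_encryption": enc["time"].isoformat() if enc else None,
        "suspect_executables": executables_before(events, enc) if enc else [],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("urls:", extract_urls(SAMPLE_EMAIL))
```

On the constructed input the script names WS-17 as the foothold, records the two hops from WS-17 to FS-01 and DC-01, dates the first encryption to the Q1.xlsx rename, and flags the two executables dropped in the preceding half hour while ignoring the unrelated vendor updater that ran later. Real investigations would feed it normalized events from the firewall, VPN, and Windows logs preserved in the earlier steps rather than a hand-written string.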
Progent has delivered remote and onsite network services across the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level certifications in foundation technologies including Cisco networking, VMware, and major Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to Progent's certifications). Progent also has top-tier support in financial and Enterprise Resource Planning applications. This breadth of expertise gives Progent the ability to salvage and integrate the surviving pieces of your information system following a ransomware intrusion and reconstruct them quickly into a functioning network. Progent has worked with leading insurance providers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Webster
To find out more information about how Progent can help your Webster organization with ransomware forensics, call 1-800-993-9400 or visit Contact Progent.