Overview of Progent's Ransomware Forensics and Reporting in El Paso
Progent's ransomware forensics consultants can capture the system state after a ransomware attack and perform a detailed forensics investigation without interfering with activity required for operational continuity and data recovery. Your El Paso business can use Progent's post-attack forensics report to block future ransomware attacks, validate the cleanup of lost data, and meet insurance and regulatory reporting requirements.
Ransomware forensics is aimed at discovering and describing the ransomware assault's storyline throughout the targeted network from beginning to end. This history of the way a ransomware attack travelled within the network helps your IT staff assess the impact and uncovers vulnerabilities in policies or work habits that need to be corrected to avoid future breaches. Forensic analysis is commonly given a high priority by the insurance carrier and is often required by state and industry regulations. Because forensics can be time consuming, it is essential that other important activities such as operational continuity are pursued concurrently. Progent maintains a large team of IT and cybersecurity professionals with the knowledge and experience needed to perform activities for containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics investigation is arduous and calls for close cooperation with the teams focused on file cleanup and, if necessary, settlement discussions with the ransomware threat actor. Ransomware forensics typically requires the review of all logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to check for anomalies.
Activities involved with forensics analysis include:
- Isolate all potentially suspect devices from the system without shutting them down. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication (2FA) to guard backups
- Preserve forensically valid digital images of all suspect devices so your data restoration group can get started
- Save firewall, virtual private network (VPN), and additional key logs as quickly as feasible
- Establish the strain of ransomware involved in the assault
- Inspect every computer and storage device on the system including cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Establish the kind of ransomware used in the assault
- Review logs and sessions to determine the time frame of the assault and to identify any potential lateral migration from the originally compromised system
- Understand the security gaps used to carry out the ransomware attack
- Look for new executables associated with the original encrypted files or network compromise
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs embedded in messages and determine whether they are malicious
- Produce extensive attack reporting to satisfy your insurance carrier and compliance mandates
- Document recommendations to shore up security vulnerabilities and enforce workflows that reduce the risk of a future ransomware exploit
Progent's Background
Progent has provided remote and on-premises IT services across the U.S. for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have been awarded high-level certifications in core technologies including Cisco infrastructure, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. Progent also has top-tier support in financial management and Enterprise Resource Planning software. This broad array of expertise gives Progent the ability to salvage and integrate the surviving parts of your IT environment after a ransomware attack and reconstruct them quickly into a functioning system. Progent has worked with top cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Expertise in El Paso
To find out more about how Progent can assist your El Paso organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.