Overview of Progent's Ransomware Forensics and Reporting Services in Scottsdale
Progent's ransomware forensics experts can capture the system state after a ransomware attack and perform a comprehensive forensics investigation without slowing down activity required for operational continuity and data recovery. Your Scottsdale business can use Progent's post-attack ransomware forensics report to block subsequent ransomware assaults, assist in the recovery of lost data, and meet insurance and regulatory requirements.
Ransomware forensics involves discovering and documenting the ransomware assault's storyline across the targeted network from start to finish. This history of how a ransomware assault progressed within the network helps you evaluate the impact and brings to light gaps in policies or processes that should be rectified to avoid future breaches. Forensic analysis is commonly assigned a top priority by the cyber insurance provider and is often mandated by government and industry regulations. Since forensic analysis can take time, it is vital that other key activities such as operational resumption are executed in parallel. Progent has an extensive team of information technology and data security experts with the skills needed to carry out activities for containment, operational resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics is time consuming and calls for close interaction with the groups assigned to data recovery and, if necessary, payment discussions with the ransomware hacker. Forensics can require the review of logs, registry, GPO, AD, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to look for changes.
Services associated with forensics analysis include:
- Detach all potentially suspect devices from the network, but avoid shutting them down. This can require closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring two-factor authentication to secure backups
- Capture forensically valid duplicates of all suspect devices so the data recovery team can proceed
- Preserve firewall, VPN, and other key logs as quickly as possible
- Identify the kind of ransomware used in the attack
- Survey each computer and storage device on the system as well as cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Determine the kind of ransomware involved in the attack
- Review logs and sessions to establish the time frame of the assault and to identify any possible lateral movement from the originally infected system
- Understand the security gaps exploited to carry out the ransomware attack
- Search for new executables associated with the first encrypted files or system compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract URLs embedded in email messages and determine whether they are malicious
- Produce extensive attack documentation to meet your insurance and compliance mandates
- Recommend ways to shore up security vulnerabilities and improve processes to reduce exposure to a future ransomware exploit
Progent has delivered remote and onsite network services across the U.S. for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes professionals who have been awarded high-level certifications in foundation technology platforms such as Cisco infrastructure, VMware, and major Linux distros. Progent's data security experts have earned internationally recognized certifications including CISA, CISSP-ISSAP, and CRISC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial management and Enterprise Resource Planning applications. This breadth of skills allows Progent to identify and integrate the surviving parts of your network after a ransomware attack and rebuild them quickly into an operational network. Progent has collaborated with leading cyber insurance providers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Scottsdale
To find out more information about ways Progent can assist your Scottsdale organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.