Progent's Ransomware Forensics Investigation and Reporting in Minneapolis
Progent's ransomware forensics experts can save the system state after a ransomware attack and carry out a comprehensive forensics analysis without disrupting activity related to operational continuity and data restoration. Your Minneapolis business can use Progent's ransomware forensics documentation to counter future ransomware attacks, validate the restoration of encrypted data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensics investigation involves tracking and describing the ransomware attack's progress across the network from beginning to end. This history of how a ransomware assault progressed within the network helps your IT staff evaluate the damage and uncovers vulnerabilities in security policies or processes that should be corrected to avoid later break-ins. Forensics is typically assigned a top priority by the insurance carrier and is typically required by state and industry regulations. Because forensics can be time consuming, it is critical that other important activities like operational resumption are pursued in parallel. Progent has an extensive roster of IT and security professionals with the skills required to perform activities for containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics analysis is arduous and requires close coordination with the teams assigned to file cleanup and, if needed, payment discussions with the ransomware Threat Actor (TA). Forensics typically requires the review of logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for changes.
Services involved with forensics investigation include:
- Isolate all potentially impacted devices from the system, but avoid shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing 2FA to secure your backups.
- Preserve forensically complete images of all exposed devices so your file recovery group can proceed
- Preserve firewall, virtual private network, and additional key logs as quickly as feasible
- Identify the kind of ransomware involved in the attack
- Examine each machine and storage device on the network including cloud storage for indications of compromise
- Inventory all compromised devices
- Study log activity and user sessions to determine the time frame of the assault and to spot any potential lateral movement from the originally infected system
- Identify the attack vectors exploited to carry out the ransomware attack
- Look for new executables associated with the original encrypted files or network breach
- Parse Outlook PST files
- Examine attachments
- Extract URLs embedded in messages and check whether they are malicious
- Produce extensive attack documentation to satisfy your insurance and compliance requirements
- Recommend improvements to close security gaps and improve workflows that lower the exposure to a future ransomware exploit
Progent has provided remote and onsite IT services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level certifications in core technologies such as Cisco networking, VMware virtualization, and major Linux distros. Progent's data security consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also has top-tier support in financial management and ERP application software. This scope of skills gives Progent the ability to identify and integrate the undamaged pieces of your IT environment after a ransomware attack and reconstruct them rapidly into a viable system. Progent has worked with leading cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Services in Minneapolis
To learn more about how Progent can help your Minneapolis business with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.