Progent's Ransomware Forensics Investigation and Reporting in Lawrence
Progent's ransomware forensics consultants can capture the evidence of a ransomware attack and perform a comprehensive forensics investigation without interfering with business resumption and data recovery. Your Lawrence organization can use Progent's post-attack forensics report to defend against subsequent ransomware attacks, assist in the restoration of lost data, and meet insurance and governmental mandates.
Ransomware forensics reconstructs the timeline of the attack across the targeted network from initial compromise to final encryption. This account of how the attack progressed through the network lets your IT staff evaluate the damage and exposes the gaps in policy or work habits that must be corrected to prevent future break-ins. Insurance carriers commonly give forensic analysis a high priority, and government and industry regulations typically mandate it. Because forensics takes time, it is critical that other important recovery processes such as operational continuity proceed concurrently. Progent maintains an extensive team of IT and data security experts with the knowledge and experience needed to perform containment, business resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics analysis is complex and requires close coordination with the teams responsible for file cleanup and, if necessary, settlement negotiation with the ransomware threat actor. Forensics can involve examining logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect anomalies.
Services involved with forensics investigation include:
- Isolate all potentially compromised devices from the network without powering them down, since a shutdown destroys volatile evidence such as memory contents. Isolation can require closing Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and enabling 2FA on backup systems.
- Preserve forensically sound disk images of all exposed devices so the file restoration team can proceed without destroying evidence
- Preserve firewall, virtual private network (VPN), and other critical logs as soon as feasible, before they roll over or are overwritten
- Identify the ransomware family and variant used in the attack
- Inspect each computer and data store on the network, including cloud storage, for signs of encryption
- Catalog all compromised devices
- Review log activity and sessions to establish the time frame of the attack and to identify any lateral movement from the first compromised system
- Identify the security gaps exploited to carry out the ransomware assault
- Search for newly introduced executables around the time of the initial breach or the first encrypted files
- Parse Outlook web archives
- Analyze email attachments
- Extract any URLs embedded in email messages and determine whether they lead to malware
- Produce detailed incident reporting to meet your insurance carrier and compliance mandates
- Recommend fixes for the cybersecurity gaps found and process improvements that reduce exposure to a future ransomware breach
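The log review step in the list above, as an added example that is not part of Progent's service description or tooling: given an extract of successful-logon records, it walks the events in time order from the first compromised host and reports each remote logon that spread the compromise, giving the attack window and the accounts whose credentials were used. It assumes a CSV extract of Windows Security event 4624 fields (time, target host, source host, logon type, account) with source addresses already resolved to hostnames; the sample rows and hostnames are constructed for the example.

```python
"""Reconstruct the attack timeline and trace lateral movement from logon events.

Added example, not Progent's tooling. Input is an assumed CSV extract of
Windows Security event 4624 (successful logon) fields. Logon type 10 is
RemoteInteractive (RDP) and type 3 is a network logon (SMB, WinRM, PsExec);
type 2 (console) is local and is ignored when tracing hops. Source addresses
are assumed to have been resolved to hostnames before the extract was made.
"""
import csv
import io
from collections import namedtuple
from datetime import datetime

LogonEvent = namedtuple("LogonEvent", "time dst src logon_type account")

# Logon types that imply the session came over the network from another host.
REMOTE_LOGON_TYPES = {3, 10}

# Constructed sample extract (not real log data). A workstation is compromised,
# the attacker RDPs to a file server, pivots to the backup server and a domain
# controller, and finally reaches a second workstation via the DC.
SAMPLE_LOG = """\
time,dst,src,logon_type,account
2024-03-01T22:14:05,WS-017,-,2,jsmith
2024-03-01T22:40:12,FS01,WS-017,10,jsmith
2024-03-01T22:41:30,FS01,WS-044,3,svc-print
2024-03-01T23:05:47,BKP01,FS01,10,admin-ops
2024-03-01T23:07:02,DC01,FS01,3,admin-ops
2024-03-02T00:30:00,WS-044,DC01,3,admin-ops
2024-03-02T01:15:10,FS01,WS-017,10,jsmith
"""


def parse_events(text):
    """Parse the CSV extract into LogonEvent records sorted by time."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append(LogonEvent(
            time=datetime.fromisoformat(row["time"]),
            dst=row["dst"],
            src=row["src"],
            logon_type=int(row["logon_type"]),
            account=row["account"],
        ))
    return sorted(events, key=lambda e: e.time)


def trace_lateral_movement(events, patient_zero):
    """Walk events chronologically and return the hops that spread the compromise.

    A host is marked compromised the first time a remote logon to it originates
    from a host that was already compromised at that moment. Order matters: a
    logon from a host that is only compromised later is not a hop (see the
    WS-044 -> FS01 row in the sample). The result is a lead list for analysts,
    not proof: a legitimate admin who logged in from a compromised host appears
    here too and must be confirmed against other artifacts.
    """
    compromised = {patient_zero}
    hops = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.logon_type not in REMOTE_LOGON_TYPES:
            continue
        if ev.src in compromised and ev.dst not in compromised:
            compromised.add(ev.dst)
            hops.append(ev)
    return hops


def attack_window(hops):
    """Return (first_hop_time, last_hop_time) bounding the observed movement."""
    if not hops:
        return None
    return hops[0].time, hops[-1].time


def accounts_used(hops):
    """Accounts whose credentials carried the lateral movement; these are the
    ones to reset before restoration begins (see the containment step above)."""
    return sorted({h.account for h in hops})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for hop in trace_lateral_movement(evs, "WS-017"):
        print(f"{hop.time:%Y-%m-%d %H:%M:%S}  {hop.src:>7} -> {hop.dst:<7} "
              f"type {hop.logon_type:<2} as {hop.account}")
```

Run against a real extract, feed it the Security log exports collected in the log-preservation step, one row per 4624 event, and treat each reported hop as a host to image and an account to reset rather than as a finished conclusion.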
Progent has delivered remote and on-premises IT services across the U.S. for over two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have earned high-level certifications in foundation technology platforms such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning application software. This scope of skills allows Progent to identify and integrate the surviving pieces of your IT environment after a ransomware attack and reconstruct them rapidly into an operational system. Progent has worked with top insurance carriers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Services in Lawrence
To find out more about how Progent can help your Lawrence organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.