Progent's Ransomware Forensics and Reporting in Lincoln
Progent's ransomware forensics consultants can capture the evidence of a ransomware assault and carry out a detailed forensics investigation without impeding activity required for business resumption and data recovery. Your Lincoln organization can use Progent's post-attack ransomware forensics documentation to combat future ransomware attacks, validate the cleanup of encrypted data, and comply with insurance carrier and regulatory mandates.
A ransomware forensics investigation involves determining and describing the ransomware attack's storyline across the network from beginning to end. This history of how a ransomware attack travelled within the network helps your IT staff evaluate the damage and highlights weaknesses in rules or processes that should be rectified to prevent future breaches. Forensic analysis is commonly given a high priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Since forensics can take time, it is vital that other important activities like business resumption are executed in parallel. Progent has an extensive team of IT and security experts with the skills needed to perform the work of containment, business continuity, and data restoration without disrupting forensics.
Ransomware forensics analysis is arduous and calls for close cooperation with the teams assigned to data restoration and, if necessary, settlement negotiation with the ransomware hacker. Ransomware forensics typically involves examining logs, the registry, GPO, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to check for anomalies.
Services involved with forensics analysis include:
- Disconnect all possibly affected devices from the network without shutting them down. This can involve closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to protect your backups.
- Create forensically complete digital images of all suspect devices so the data recovery group can proceed
- Preserve firewall, virtual private network, and other critical logs as soon as possible
- Determine the variety of ransomware involved in the attack
- Examine each machine and data store on the network including cloud storage for indications of compromise
- Inventory all encrypted devices
- Study log activity and user sessions in order to determine the timeline of the assault and to spot any possible lateral movement from the originally infected system
- Identify the attack vectors used to perpetrate the ransomware attack
- Look for new executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Analyze email attachments
- Extract any URLs embedded in email messages and check to see whether they are malicious
- Produce extensive incident reporting to meet your insurance carrier and compliance mandates
- List recommended improvements to close security gaps and improve workflows that lower the risk of a future ransomware exploit
Progent has delivered online and on-premises IT services throughout the U.S. for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have earned advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial and Enterprise Resource Planning software. This broad array of expertise allows Progent to salvage and integrate the undamaged parts of your information system following a ransomware assault and reconstruct them rapidly into a viable system. Progent has worked with leading cyber insurance providers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Lincoln
To learn more about how Progent can assist your Lincoln organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.