Progent's Ransomware Forensics Investigation and Reporting in Alexandria
Progent's ransomware forensics experts can save the evidence of a ransomware assault and carry out a detailed forensics investigation without disrupting the processes related to business resumption and data restoration. Your Alexandria organization can use Progent's ransomware forensics documentation to counter future ransomware attacks, validate the restoration of encrypted data, and meet insurance and regulatory mandates.
Ransomware forensics involves determining and describing the ransomware assault's storyline throughout the targeted network from beginning to end. This history of how a ransomware attack travelled through the network helps your IT staff evaluate the damage and highlights shortcomings in policies or processes that need to be rectified to avoid future break-ins. Forensics is commonly given a top priority by the insurance carrier and is often required by state and industry regulations. Since forensic analysis can be time consuming, it is essential that other important activities such as operational continuity are pursued in parallel. Progent has a large roster of information technology and security professionals with the skills needed to carry out the work of containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics is arduous and requires close cooperation with the groups responsible for data restoration and, if needed, payment talks with the ransomware hacker. Ransomware forensics typically requires the review of all logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to check for anomalies.
Activities involved with forensics analysis include:
- Disconnect all possibly affected devices from the network without powering them down, so that volatile evidence in memory is preserved. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to protect your backups.
- Create forensically complete duplicates of all exposed devices so the data recovery group can get started.
- Preserve firewall, virtual private network (VPN), and other key logs as quickly as possible.
- Identify the strain of ransomware used in the attack.
- Inspect every computer and data store on the network, including cloud-hosted storage, for signs of encryption.
- Catalog all compromised devices.
- Review logs and sessions to determine the time frame of the ransomware attack and to identify any lateral movement from the originally infected machine.
- Understand the security gaps used to perpetrate the ransomware assault.
- Look for the creation of executables associated with the first encrypted files or the network breach.
- Parse Outlook PST files.
- Examine email attachments.
- Extract URLs from email messages and determine whether they point to malware.
- Produce extensive incident documentation to satisfy your insurance and compliance requirements.
- List recommendations to close security gaps and enforce processes that reduce the risk of a future ransomware breach.
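As an added illustration of the log-review and timeline step above (example code, not Progent's own tooling), the script below takes constructed sample log lines in an assumed `timestamp|host|event|detail` format and reports the encryption window, the first host to show encrypted files, the external entry point, and internal-to-internal logons that indicate lateral movement.

```python
from datetime import datetime

# Constructed sample log lines (not real data), one event per line:
# timestamp|host|event|detail
SAMPLE_LOG = """\
2024-03-02T01:12:04|WS-17|RDP_LOGON|src=203.0.113.45 user=admin
2024-03-02T01:20:31|WS-17|FILE_RENAME|C:\\Users\\sam\\report.docx -> report.docx.locked
2024-03-02T01:25:10|FS-01|RDP_LOGON|src=WS-17 user=admin
2024-03-02T01:31:55|FS-01|FILE_RENAME|D:\\Shares\\finance\\q1.xlsx -> q1.xlsx.locked
2024-03-02T01:40:02|DC-01|RDP_LOGON|src=FS-01 user=admin
2024-03-02T02:05:44|DC-01|FILE_RENAME|C:\\Backups\\ad.bak -> ad.bak.locked
"""


def parse_events(text):
    """Parse the assumed pipe-delimited format into dicts sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, host, kind, detail = line.split("|", 3)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "kind": kind, "detail": detail})
    return sorted(events, key=lambda e: e["ts"])


def build_timeline(events, encrypted_ext=".locked"):
    """Summarise the attack window, patient zero, entry point and lateral hops."""
    encryption = [e for e in events
                  if e["kind"] == "FILE_RENAME" and e["detail"].endswith(encrypted_ext)]
    internal_hosts = {e["host"] for e in events}
    hops = []
    for e in events:
        if e["kind"] != "RDP_LOGON":
            continue
        fields = dict(kv.split("=", 1) for kv in e["detail"].split())
        hops.append((e["ts"], fields["src"], e["host"]))
    return {
        "first_encryption": encryption[0]["ts"] if encryption else None,
        "last_encryption": encryption[-1]["ts"] if encryption else None,
        "patient_zero": encryption[0]["host"] if encryption else None,
        "affected_hosts": sorted({e["host"] for e in encryption}),
        # Logons whose source is not a host we know are the external entry points.
        "entry_points": [h for h in hops if h[1] not in internal_hosts],
        # Logons from one internal host to another are lateral movement.
        "lateral_movement": [h for h in hops if h[1] in internal_hosts],
    }


if __name__ == "__main__":
    for key, value in build_timeline(parse_events(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```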
Progent has provided remote and onsite IT services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of SBEs includes professionals who have earned advanced certifications in foundation technology platforms such as Cisco infrastructure, VMware, and popular Linux distros. Progent's data security experts have earned internationally recognized certifications including CISA, CISSP, and CRISC. (Refer to Progent's certifications). Progent also offers top-tier support for financial and ERP software. This broad array of skills gives Progent the ability to identify and integrate the surviving parts of your network after a ransomware intrusion and rebuild them rapidly into an operational network. Progent has worked with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Alexandria
To learn more about how Progent can help your Alexandria organization with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.