Progent's Ransomware Forensics Investigation and Reporting in Louisville
Progent's ransomware forensics experts can preserve the system state after a ransomware assault and perform a detailed forensics investigation without interfering with activity related to business continuity and data recovery. Your Louisville organization can utilize Progent's forensics report to counter future ransomware assaults, validate the restoration of encrypted data, and meet insurance and governmental mandates.
Ransomware forensics investigation is aimed at discovering and describing the ransomware assault's progress throughout the network from start to finish. This audit trail of how a ransomware assault travelled within the network helps your IT staff evaluate the impact and uncovers vulnerabilities in policies or work habits that should be corrected to prevent later break-ins. Forensics is commonly given a top priority by the insurance carrier and is typically required by state and industry regulations. Since forensics can be time consuming, it is essential that other important recovery processes such as operational resumption are pursued in parallel. Progent maintains an extensive roster of IT and cybersecurity professionals with the knowledge and experience required to perform activities for containment, operational continuity, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is time consuming and requires close interaction with the groups assigned to file recovery and, if needed, settlement discussions with the ransomware Threat Actor (TA). Forensics typically involves the examination of all logs, the registry, GPOs, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for changes.
Activities involved with forensics include:
- Disconnect all possibly affected devices from the network, but avoid shutting them down so that volatile evidence is preserved. This can involve closing all RDP ports, disconnecting Internet-connected NAS storage, changing admin credentials and user passwords, and setting up two-factor authentication to secure backups.
- Capture forensically complete images of all suspect devices so your file recovery group can proceed
- Save firewall, VPN, and additional critical logs as quickly as possible
- Identify the variety of ransomware involved in the assault
- Inspect each computer and storage device on the network including cloud storage for signs of encryption
- Catalog all encrypted devices
- Establish the type of ransomware involved in the attack
- Review logs and sessions to establish the time frame of the ransomware attack and to spot any potential lateral movement from the first compromised system
- Understand the security gaps exploited to carry out the ransomware attack
- Search for new executables surrounding the first encrypted files or network compromise
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs from messages and determine if they are malicious
- Produce comprehensive incident documentation to satisfy your insurance carrier and compliance requirements
- Suggest recommended improvements to close security vulnerabilities and improve processes that lower the exposure to a future ransomware exploit
Progent has provided online and onsite IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial management and ERP software. This broad array of expertise allows Progent to identify and integrate the surviving pieces of your network following a ransomware intrusion and reconstruct them rapidly into a functioning network. Progent has collaborated with leading insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in Louisville
To learn more about ways Progent can help your Louisville business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.