Progent's Ransomware Forensics and Reporting in Louisville
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and perform a detailed forensics investigation without slowing down the processes related to business resumption and data restoration. Your Louisville business can use Progent's post-attack forensics documentation to counter subsequent ransomware assaults, assist in the restoration of lost data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensics involves determining and describing the ransomware attack's progress across the network from beginning to end. This audit trail of how a ransomware assault travelled within the network helps your IT staff assess the impact and uncovers gaps in security policies or processes that need to be rectified to avoid future break-ins. Forensics is usually given a high priority by the insurance provider and is typically mandated by state and industry regulations. Because forensic analysis can be time-consuming, it is vital that other key recovery processes like operational resumption are pursued concurrently. Progent maintains an extensive roster of IT and security professionals with the skills needed to perform activities for containment, operational resumption, and data recovery without interfering with forensics.
Ransomware forensics is complex and calls for close cooperation with the groups focused on data cleanup and, if necessary, settlement talks with the ransomware Threat Actor (TA). Ransomware forensics typically requires the examination of all logs, registry, GPO, AD, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to look for variations.
Services associated with forensics investigation include:
- Isolate all potentially suspect devices from the system without shutting them off. This may require closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to guard backups.
- Create forensically sound digital images of all suspect devices so your data restoration team can proceed
- Save firewall, virtual private network, and other critical logs as soon as possible
- Identify the strain of ransomware used in the assault
- Examine every computer and data store on the network including cloud-hosted storage for indications of compromise
- Catalog all encrypted devices
- Determine the type of ransomware used in the assault
- Review logs and sessions in order to establish the time frame of the attack and to spot any potential lateral movement from the originally compromised system
- Identify the attack vectors exploited to perpetrate the ransomware assault
- Search for the creation of executables surrounding the first encrypted files or system compromise
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs from messages and check to see whether they are malicious
- Provide extensive attack documentation to meet your insurance and compliance mandates
- List recommendations to close security gaps and enforce processes that reduce the risk of a future ransomware breach
Progent has delivered online and on-premises IT services across the U.S. for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in foundation technologies such as Cisco infrastructure, VMware, and major distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP-ISSAP, and GIAC. Progent also offers guidance in financial management and Enterprise Resource Planning software. This breadth of skills allows Progent to identify and integrate the surviving pieces of your IT environment following a ransomware assault and rebuild them rapidly into an operational network. Progent has worked with leading insurance carriers like Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Services in Louisville
To learn more about ways Progent can assist your Louisville organization with ransomware forensics investigation, call 1-800-993-9400 or see Contact Progent.