Progent's Ransomware Forensics Investigation and Reporting Services in São Paulo
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and perform a detailed forensics analysis without interfering with activity required for operational resumption and data recovery. Your São Paulo organization can use Progent's post-attack ransomware forensics report to counter subsequent ransomware assaults, validate the cleanup of encrypted data, and meet insurance and governmental reporting requirements.
Ransomware forensics investigation involves determining and documenting the ransomware attack's progress throughout the network from start to finish. This history of how the attack progressed through the network helps your IT staff assess the impact and uncovers vulnerabilities in policies or processes that need to be rectified to avoid future break-ins. Forensics is typically assigned a top priority by the insurance carrier and is typically required by government and industry regulations. Since forensics can be time-consuming, it is vital that other important recovery processes like operational continuity are executed concurrently. Progent has a large team of IT and data security experts with the knowledge and experience required to perform activities for containment, operational resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics is complex and requires close interaction with the teams responsible for file cleanup and, if needed, settlement discussions with the ransomware hacker. Ransomware forensics can require the review of logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS servers, routers, firewalls, schedulers, and basic Windows systems to look for changes.
Services involved with forensics include:
- Isolate all potentially affected devices from the network without shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and setting up two-factor authentication to protect backups.
- Create forensically valid digital images of all suspect devices so your file recovery team can get started
- Save firewall, VPN, and additional critical logs as soon as feasible
- Identify the version of ransomware involved in the attack
- Inspect every computer and data store on the system as well as cloud storage for signs of encryption
- Inventory all encrypted devices
- Determine the kind of ransomware involved in the assault
- Review log activity and user sessions to determine the time frame of the attack and to identify any potential lateral movement from the first compromised machine
- Understand the attack vectors used to perpetrate the ransomware attack
- Look for new executables associated with the first encrypted files or system breach
- Parse Outlook PST files
- Examine attachments
- Extract any URLs from email messages and check whether they are malicious
- Provide extensive attack reporting to meet your insurance carrier and compliance mandates
- Document recommendations to close cybersecurity vulnerabilities and enforce processes that reduce the exposure to a future ransomware breach
Progent has provided remote and on-premises network services throughout the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have been awarded high-level certifications in core technology platforms such as Cisco infrastructure, VMware, and popular Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISA, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications). Progent also offers top-tier support in financial management and Enterprise Resource Planning applications. This scope of skills allows Progent to salvage and consolidate the undamaged parts of your information system following a ransomware attack and reconstruct them rapidly into a viable network. Progent has worked with leading insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Services in São Paulo
To learn more about how Progent can help your São Paulo business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.