Progent's Ransomware Forensics and Reporting Services in São Paulo
Progent's ransomware forensics experts can save the system state after a ransomware attack and carry out a detailed forensics analysis without interfering with activity required for business resumption and data restoration. Your São Paulo organization can utilize Progent's post-attack ransomware forensics documentation to combat subsequent ransomware assaults, assist in the recovery of encrypted data, and meet insurance carrier and governmental reporting requirements.
Ransomware forensics analysis is aimed at tracking and describing the ransomware assault's storyline across the targeted network from beginning to end. This history of how a ransomware assault progressed within the network helps your IT staff to evaluate the impact and uncovers shortcomings in security policies or processes that need to be rectified to avoid future break-ins. Forensics is commonly assigned a high priority by the cyber insurance carrier and is often required by government and industry regulations. Since forensic analysis can take time, it is essential that other important recovery processes such as operational continuity are pursued in parallel. Progent has an extensive team of IT and cybersecurity professionals with the knowledge and experience required to carry out activities for containment, business resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics investigation is time consuming and requires close interaction with the groups focused on file cleanup and, if needed, settlement discussions with the ransomware Threat Actor (TA). Forensics typically requires the review of all logs, the registry, Group Policy Objects (GPOs), AD, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to look for changes.
Services associated with forensics investigation include:
- Disconnect all potentially affected devices from the system, but avoid shutting them down. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, modifying admin credentials and user passwords, and configuring 2FA to secure backups.
- Preserve forensically sound digital images of all suspect devices so your file recovery team can get started
- Preserve firewall, VPN, and additional critical logs as soon as possible
- Identify the strain of ransomware used in the assault
- Examine each computer and storage device on the network including cloud storage for signs of compromise
- Catalog all encrypted devices
- Establish the kind of ransomware used in the attack
- Study log activity and user sessions to determine the timeline of the ransomware assault and to spot any possible lateral migration from the first compromised system
- Identify the attack vectors used to perpetrate the ransomware assault
- Look for the creation of executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Separate URLs embedded in email messages and determine if they are malicious
- Produce comprehensive incident reporting to satisfy your insurance carrier and compliance regulations
- List recommended improvements to close security gaps and enforce workflows that lower the exposure to a future ransomware exploit
Progent has delivered remote and on-premises IT services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes consultants who have been awarded advanced certifications in foundation technologies such as Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned prestigious certifications such as CISM, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial and Enterprise Resource Planning software. This scope of expertise allows Progent to identify and consolidate the undamaged pieces of your network following a ransomware attack and rebuild them rapidly into a viable network. Progent has worked with top insurance carriers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in São Paulo
To learn more about how Progent can assist your São Paulo organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.