Overview of Progent's Ransomware Forensics Analysis and Reporting in Detroit
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and perform a detailed forensic analysis without disrupting the work of business resumption and data restoration. Your Detroit business can use Progent's post-attack forensics report to block future ransomware attacks, support the recovery of lost data, and meet insurance carrier and regulatory requirements.
Ransomware forensics investigation involves reconstructing and documenting the attack's storyline across the network from initial access to encryption. This audit trail of how the attack progressed helps your IT staff assess the impact and reveals gaps in policies or work habits that should be corrected to prevent later breaches. Forensics is usually given top priority by the insurance provider and is often required by government and industry regulations. Because forensic analysis can be time consuming, it is essential that other key activities such as business continuity proceed in parallel. Progent maintains a large roster of IT and cybersecurity professionals with the skills required to carry out containment, business resumption, and data restoration without interfering with the forensic analysis.
Ransomware forensics is complex and requires close cooperation with the teams focused on data recovery and, if necessary, settlement negotiation with the ransomware threat actor. Forensics typically requires reviewing all logs, the registry, Group Policy Objects, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows system files for changes.
Activities involved with forensics analysis include:
- Isolate all potentially affected devices from the network but avoid shutting them down, since powering off destroys volatile evidence such as memory contents. This may require closing Internet-facing RDP ports and network-attached storage, changing admin credentials and user passwords, and enabling 2FA to protect your backups.
- Create forensically sound, hash-verified images of all suspect devices so your data restoration team can proceed on the copies while the originals stay preserved
- Preserve firewall, VPN, and other key logs as quickly as possible, before retention windows roll them over
- Identify the ransomware family used in the attack (the ransom note, encrypted-file extension, and encryption behavior are the usual indicators)
- Examine each computer and data store on the system including cloud-hosted storage for signs of encryption
- Inventory all compromised devices
- Study logs and sessions to establish the timeline of the ransomware assault and to identify any potential lateral movement from the originally infected system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for the creation of executables associated with the first encrypted files or the initial system breach
- Parse Outlook mail archives
- Examine attachments for malicious content
- Extract any URLs from email messages and determine whether they lead to malware
- Provide detailed attack reporting to meet your insurance and compliance mandates
- Suggest recommendations to close cybersecurity gaps and enforce workflows that lower the risk of a future ransomware breach
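Two of the steps above, establishing the attack timeline with any lateral movement from the first infected host, and checking data stores for signs of encryption, can be partly automated during triage. The following Python script is an added example written for this page; it is not Progent's tooling or part of its service. It assumes a constructed sample of Windows Security event 4624 (successful logon) records reduced to a few fields, an invented host-to-IP inventory, and a constructed ciphertext stand-in; hostnames, users, addresses and times are all made up for the example.

```python
"""Triage helpers for a ransomware forensics timeline (constructed example)."""
import hashlib
import math
from collections import Counter

# Constructed sample of Windows Security log entries, reduced to the fields a
# triage script needs. Event 4624 is a successful logon; logon type 10 is
# RemoteInteractive (RDP) and type 3 is a network logon (SMB, WMI, etc.).
# Hostnames, users, IPs and times are invented for this example.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T02:13:05", "host": "WS-FIN-07", "event_id": 4624,
     "logon_type": 10, "user": "jdoe", "src_ip": "203.0.113.44"},
    {"time": "2024-03-01T02:14:30", "host": "WS-FIN-07", "event_id": 4624,
     "logon_type": 2, "user": "jdoe", "src_ip": "127.0.0.1"},
    {"time": "2024-03-01T02:31:12", "host": "FS-01", "event_id": 4624,
     "logon_type": 3, "user": "svc_backup", "src_ip": "10.10.5.17"},
    {"time": "2024-03-01T02:33:50", "host": "FS-01", "event_id": 4624,
     "logon_type": 3, "user": "mlee", "src_ip": "10.10.7.99"},
    {"time": "2024-03-01T02:45:09", "host": "DC-01", "event_id": 4624,
     "logon_type": 10, "user": "administrator", "src_ip": "10.10.5.30"},
]

# Assumed asset inventory mapping hostnames to their internal addresses.
HOST_IPS = {"WS-FIN-07": "10.10.5.17", "FS-01": "10.10.5.30", "DC-01": "10.10.1.1"}
INTERNAL_PREFIXES = ("10.", "192.168.")


def lateral_movement_chain(events, host_ips, internal_prefixes=INTERNAL_PREFIXES):
    """Return [(time, host, reason)] in chronological order.

    An RDP logon from a non-internal address marks an entry point; any later
    network or RDP logon whose source address belongs to an already-flagged
    host marks lateral movement to the target host.
    """
    ip_to_host = {ip: host for host, ip in host_ips.items()}
    chain = []
    flagged = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4624 or ev["logon_type"] not in (3, 10):
            continue  # local/service logons are not movement between hosts
        src_ip = ev["src_ip"]
        src_host = ip_to_host.get(src_ip)
        if ev["logon_type"] == 10 and not src_ip.startswith(internal_prefixes):
            reason = f"entry point: RDP logon as {ev['user']} from external {src_ip}"
        elif src_host in flagged:
            reason = (f"lateral movement: logon type {ev['logon_type']} as "
                      f"{ev['user']} from compromised host {src_host}")
        else:
            continue  # logon from an unflagged internal host: not evidence yet
        if ev["host"] not in flagged:
            flagged.add(ev["host"])
            chain.append((ev["time"], ev["host"], reason))
    return chain


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum, reached by uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def likely_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Flag a file body as probable ciphertext. Compressed formats (zip, jpeg,
    docx) also score high, so confirm against magic bytes and extension."""
    return shannon_entropy(data) >= threshold


def _constructed_ciphertext(n: int = 4096) -> bytes:
    # Deterministic stand-in for an encrypted file: SHA-256 of a counter.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed-sample" + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


PLAINTEXT_SAMPLE = b"Quarterly revenue summary for the Detroit office.\n" * 80
CIPHERTEXT_SAMPLE = _constructed_ciphertext()

if __name__ == "__main__":
    for when, host, why in lateral_movement_chain(SAMPLE_EVENTS, HOST_IPS):
        print(when, host, why)
    print("plaintext entropy:", round(shannon_entropy(PLAINTEXT_SAMPLE), 2))
    print("ciphertext entropy:", round(shannon_entropy(CIPHERTEXT_SAMPLE), 2))
```

On the sample data the chain runs WS-FIN-07 (external RDP) to FS-01 (network logon from the workstation's address) to DC-01 (RDP from the file server), while the unrelated logon from 10.10.7.99 is left alone. In a real case the input would be exported event logs from every host, and the entropy check would be run over file contents on each data store; a high score is only a lead, since archives and media files are also high-entropy.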
Progent's Background
Progent has delivered online and onsite IT services across the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes professionals who have earned advanced certifications in core technology platforms such as Cisco infrastructure, VMware virtualization, and major Linux distributions. Progent's data security consultants have earned prestigious certifications such as CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial management and ERP software. This breadth of skills allows Progent to salvage and consolidate the undamaged pieces of your information system following a ransomware attack and rebuild them quickly into a viable network. Progent has collaborated with top cyber insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Detroit
To learn more about how Progent can help your Detroit business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.