Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Fort Worth
Progent's ransomware forensics consultants can save the system state after a ransomware attack and carry out a detailed forensics investigation without interfering with the processes related to operational resumption and data recovery. Your Fort Worth business can use Progent's post-attack forensics report to counter future ransomware attacks, assist in the restoration of encrypted data, and meet insurance carrier and governmental requirements.
Ransomware forensics is aimed at determining and documenting the ransomware assault's progress across the network from beginning to end. This audit trail of how a ransomware attack travelled within the network helps your IT staff to evaluate the impact and brings to light gaps in policies or work habits that should be corrected to avoid later break-ins. Forensic analysis is typically assigned a top priority by the insurance provider and is often mandated by state and industry regulations. Since forensics can take time, it is critical that other key recovery processes like business continuity are performed in parallel. Progent maintains a large roster of IT and data security professionals with the knowledge and experience needed to carry out the work of containment, business resumption, and data recovery without disrupting forensics.
Ransomware forensics investigation is complicated and calls for close coordination with the teams focused on file restoration and, if necessary, payment negotiation with the ransomware Threat Actor (TA). Ransomware forensics can involve reviewing all logs, the registry, Group Policy Objects (GPO), Active Directory (AD), DNS, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Activities associated with forensics investigation include:
- Disconnect all potentially affected devices from the system without shutting them off. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and configuring 2FA to secure backups.
- Create forensically sound duplicates of all exposed devices so the data recovery team can proceed
- Preserve firewall, VPN, and other key logs as quickly as possible
- Determine the kind of ransomware used in the attack
- Inspect each machine and storage device on the system as well as cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Review logs and sessions to establish the time frame of the attack and to identify any possible lateral movement from the originally compromised system
- Identify the attack vectors exploited to perpetrate the ransomware attack
- Search for the creation of executables associated with the original encrypted files or system breach
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs embedded in email messages and determine whether they are malicious
- Provide extensive incident reporting to meet your insurance carrier and compliance requirements
- Document recommendations to shore up security gaps and improve workflows to reduce exposure to a future ransomware exploit
Progent has delivered remote and on-premises network services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned prestigious certifications such as CISM, CISSP, and GIAC. (Refer to Progent's certifications.) Progent also offers top-tier support in financial and ERP application software. This breadth of skills allows Progent to identify and consolidate the undamaged pieces of your network after a ransomware attack and rebuild them quickly into a functioning system. Progent has worked with leading cyber insurance carriers including Chubb to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Fort Worth
To find out more about how Progent can help your Fort Worth organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.