Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Fort Worth
Progent's ransomware forensics consultants can capture the system state after a ransomware assault and perform a detailed forensics analysis without interfering with the processes related to business resumption and data restoration. Your Fort Worth business can use Progent's post-attack forensics report to counter future ransomware attacks, validate the restoration of lost data, and meet insurance carrier and governmental requirements.
Ransomware forensics investigation involves determining and describing the ransomware attack's progress across the network from start to finish. This audit trail of how a ransomware assault progressed through the network helps your IT staff assess the impact and uncovers vulnerabilities in policies or work habits that should be rectified to prevent future breaches. Forensic analysis is commonly given a top priority by the insurance carrier and is typically required by government and industry regulations. Because forensic analysis can take time, it is vital that other key recovery processes like business continuity are pursued concurrently. Progent has a large roster of information technology and data security professionals with the knowledge and experience needed to perform the work of containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics investigation is complex and calls for close cooperation with the teams responsible for data recovery and, if needed, settlement discussions with the ransomware hacker. Ransomware forensics typically requires the examination of all logs, registry, GPO, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for anomalies.
Activities associated with forensics investigation include:
- Detach all potentially suspect devices from the system without shutting them off. This can involve closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring 2FA to secure backups.
- Preserve forensically complete images of all suspect devices so your data restoration team can proceed
- Preserve firewall, virtual private network, and additional critical logs as soon as possible
- Establish the type of ransomware used in the assault
- Examine each computer and data store on the system including cloud storage for indications of encryption
- Inventory all compromised devices
- Determine the type of ransomware involved in the assault
- Study logs and user sessions to establish the timeline of the ransomware assault and to spot any potential lateral movement from the originally compromised machine
- Identify the attack vectors used to carry out the ransomware assault
- Look for new executables surrounding the first encrypted files or network compromise
- Parse Outlook web archives
- Examine attachments
- Extract URLs from email messages and determine whether they are malicious
- Produce detailed incident documentation to satisfy your insurance and compliance requirements
- Document recommended improvements to shore up cybersecurity gaps and improve workflows that reduce the risk of a future ransomware exploit
Progent has provided online and onsite IT services throughout the U.S. for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have earned advanced certifications in core technology platforms such as Cisco networking, VMware, and major Linux distros. Progent's data security experts have earned prestigious certifications including CISA, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also offers guidance in financial management and Enterprise Resource Planning applications. This broad array of expertise allows Progent to identify and integrate the undamaged parts of your network following a ransomware attack and rebuild them quickly into an operational network. Progent has worked with leading cyber insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Services in Fort Worth
To find out more information about ways Progent can help your Fort Worth organization with ransomware forensics, call 1-800-993-9400 or see Contact Progent.