Overview of Progent's Ransomware Forensics Investigation and Reporting Services in San Diego
Progent's ransomware forensics consultants can save the system state after a ransomware attack and perform a comprehensive forensics investigation without disrupting activity required for business resumption and data recovery. Your San Diego organization can utilize Progent's post-attack ransomware forensics report to counter future ransomware assaults, validate the cleanup of lost data, and comply with insurance carrier and governmental requirements.
Ransomware forensics is aimed at tracking and documenting the ransomware attack's progress throughout the targeted network from start to finish. This audit trail of the way a ransomware attack travelled within the network helps you to assess the impact and uncovers vulnerabilities in rules or processes that should be corrected to avoid later break-ins. Forensic analysis is usually assigned a top priority by the cyber insurance provider and is typically required by state and industry regulations. Since forensics can be time consuming, it is vital that other key activities such as operational resumption are performed concurrently. Progent has a large roster of IT and data security professionals with the skills required to perform the work of containment, operational resumption, and data restoration without interfering with forensics.
Ransomware forensics analysis is complex and calls for close cooperation with the groups responsible for file cleanup and, if necessary, settlement talks with the ransomware Threat Actor (TA). Forensics can involve the examination of all logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to check for changes.
Activities involved with forensics analysis include:
- Isolate, but do not power off, all potentially compromised devices on the network. This may require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up 2FA to secure backups.
- Create forensically valid digital images of all exposed devices so the data recovery group can get started
- Preserve firewall, virtual private network, and additional key logs as soon as possible
- Establish the version of ransomware used in the attack
- Inspect every machine and data store on the system including cloud storage for indications of compromise
- Inventory all compromised devices
- Establish the type of ransomware used in the attack
- Review log activity and sessions in order to determine the timeline of the ransomware assault and to identify any lateral movement from the originally compromised machine
- Identify the security gaps exploited to perpetrate the ransomware attack
- Look for new executables surrounding the first encrypted files or network compromise
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs embedded in messages and determine whether they are malicious
- Produce extensive incident documentation to meet your insurance and compliance requirements
- Make recommendations to close cybersecurity vulnerabilities and enforce workflows that lower the risk of a future ransomware attack
Progent has provided remote and onsite network services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes consultants who have been awarded high-level certifications in foundation technology platforms including Cisco networking, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISM, CISSP, and GIAC. (See Progent's certifications). Progent also offers expertise in financial management and ERP application software. This broad array of skills gives Progent the ability to identify and integrate the undamaged pieces of your information system following a ransomware attack and rebuild them rapidly into a functioning network. Progent has worked with top cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in San Diego
To learn more about how Progent can help your San Diego organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.