Overview of Progent's Ransomware Forensics Investigation and Reporting in San Diego
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and carry out a detailed forensic investigation without interfering with the processes related to operational resumption and data restoration. Your San Diego organization can use Progent's post-attack forensics report to defend against subsequent ransomware attacks, assist in the restoration of encrypted data, and meet insurance and governmental reporting requirements.
Ransomware forensics is aimed at discovering and describing the ransomware assault's progress across the network from start to finish. This audit trail of how a ransomware assault progressed through the network helps your IT staff to evaluate the damage and highlights weaknesses in security policies or processes that need to be rectified to prevent future breaches. Forensics is usually assigned a high priority by the cyber insurance provider and is often mandated by state and industry regulations. Since forensics can be time consuming, it is essential that other key recovery processes like business resumption are executed in parallel. Progent has an extensive roster of IT and data security experts with the knowledge and experience needed to perform activities for containment, business resumption, and data restoration without disrupting forensics.
Ransomware forensics analysis is complicated and requires close cooperation with the teams focused on file restoration and, if necessary, settlement negotiation with the ransomware adversary. Ransomware forensics typically requires the examination of all logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows system files to check for unauthorized changes.
Services involved with forensics analysis include:
- Isolate all possibly compromised devices from the network without powering them off, so that volatile evidence such as memory contents and running processes is not lost. This may require closing Internet-facing RDP ports and NAS shares, changing admin credentials and user passwords, and setting up 2FA to protect backups.
- Create forensically sound duplicates (hashed, write-protected images) of all exposed devices so your file restoration group can work from the copies while the originals remain intact as evidence
- Save firewall, VPN, and additional critical logs as soon as feasible
- Identify the ransomware family involved in the attack, which determines whether a known decryptor exists
- Examine each machine and storage device on the network including cloud-hosted storage for signs of compromise
- Catalog all compromised devices
- Establish the specific variant and version of the ransomware, since behavior and indicators differ between releases of the same family
- Study logs and sessions to determine the time frame of the ransomware attack and to identify any lateral movement from the first compromised system (patient zero) to other hosts
- Identify the attack vectors exploited to carry out the ransomware attack
- Look for executables created shortly before the first encrypted files appeared, or around the time of the initial network breach, since these are the most likely droppers and encryption payloads
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs from messages and check them for links to malware delivery or command-and-control infrastructure
- Provide comprehensive incident documentation to meet your insurance and compliance requirements
- Document recommended improvements to close cybersecurity vulnerabilities and improve processes that lower the exposure to a future ransomware exploit
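The timeline and lateral-movement steps above amount to correlating two kinds of artifacts: file creation times from the forensic images (to find the first encrypted file and the executables that appeared shortly before it) and logon events (to follow the attacker from patient zero to other hosts). The following script is an added illustration of that correlation, not Progent's tooling. The hostnames, paths, timestamps and logon records are constructed sample data, the `.locked` extension is an assumed marker for encrypted files, and the logon records mimic the fields of Windows Security event 4624 (logon type 3 = network, 10 = RDP) rather than parsing a real EVTX file.

```python
"""Reconstruct a ransomware attack timeline from constructed forensic artifacts.

Two inputs are correlated:
  * FileEvent   - file creation times harvested from disk images
  * LogonEvent  - logon records in the shape of Windows Security event 4624
All sample data below is constructed for illustration, not from a real incident.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import List, Optional

RANSOM_EXTENSIONS = {".locked"}          # assumption: extension appended by this ransomware
EXEC_EXTENSIONS = {".exe", ".dll", ".ps1", ".bat"}
LATERAL_LOGON_TYPES = {3, 10}            # network and RemoteInteractive (RDP) logons


@dataclass(frozen=True)
class FileEvent:
    host: str
    path: str
    created: datetime

    @property
    def suffix(self) -> str:
        return PureWindowsPath(self.path).suffix.lower()


@dataclass(frozen=True)
class LogonEvent:
    time: datetime
    src_host: str
    dst_host: str
    user: str
    logon_type: int


def first_encrypted_file(files: List[FileEvent]) -> Optional[FileEvent]:
    """Earliest file carrying the ransomware extension: anchors the encryption phase."""
    encrypted = [f for f in files if f.suffix in RANSOM_EXTENSIONS]
    return min(encrypted, key=lambda f: f.created) if encrypted else None


def executables_before(files: List[FileEvent], anchor: datetime,
                       window: timedelta = timedelta(hours=1)) -> List[FileEvent]:
    """Executables created inside the window leading up to the first encryption."""
    lo = anchor - window
    hits = [f for f in files if f.suffix in EXEC_EXTENSIONS and lo <= f.created <= anchor]
    return sorted(hits, key=lambda f: f.created)


def lateral_movement(logons: List[LogonEvent], patient_zero: str) -> List[LogonEvent]:
    """Follow logons outward from patient zero in time order.

    A logon counts as lateral movement only if it originates from a host already
    known to be compromised and lands on a host that is not; ordinary user logons
    from untouched workstations are ignored, as are hops back to known hosts.
    """
    compromised = {patient_zero}
    chain = []
    for ev in sorted(logons, key=lambda e: e.time):
        if (ev.logon_type in LATERAL_LOGON_TYPES
                and ev.src_host in compromised and ev.dst_host not in compromised):
            compromised.add(ev.dst_host)
            chain.append(ev)
    return chain


def build_timeline(files, logons, patient_zero, window=timedelta(hours=1)):
    """Merge both artifact types into one chronologically ordered audit trail."""
    rows = [(e.time, e.dst_host,
             f"lateral movement from {e.src_host} as {e.user} (logon type {e.logon_type})")
            for e in lateral_movement(logons, patient_zero)]
    anchor = first_encrypted_file(files)
    if anchor is not None:
        rows += [(f.created, f.host, f"executable created: {f.path}")
                 for f in executables_before(files, anchor.created, window)]
        rows.append((anchor.created, anchor.host, f"first encrypted file: {anchor.path}"))
    return sorted(rows)


# ---- constructed sample data -------------------------------------------------
T0 = datetime(2024, 3, 12, 1, 0)
FILES = [
    FileEvent("WS-FIN-07", r"C:\Users\jdoe\AppData\Local\Temp\update.exe", T0 + timedelta(minutes=10)),
    FileEvent("WS-FIN-07", r"C:\Users\jdoe\Documents\q1_forecast.xlsx.locked", T0 + timedelta(minutes=55)),
    FileEvent("FS-01", r"C:\Windows\Temp\svc.dll", T0 + timedelta(minutes=45)),
    FileEvent("FS-01", r"C:\Shares\Finance\budget.docx.locked", T0 + timedelta(minutes=58)),
    FileEvent("FS-01", r"C:\Program Files\Vendor\vendor.exe", T0 - timedelta(days=30)),  # old, benign
    FileEvent("WS-FIN-07", r"C:\Users\jdoe\Pictures\cat.jpg", T0 - timedelta(days=3)),
]
LOGONS = [
    LogonEvent(T0 + timedelta(minutes=5), "EXTERNAL", "WS-FIN-07", "jdoe", 10),   # initial access
    LogonEvent(T0 + timedelta(minutes=15), "WS-HR-02", "FS-01", "asmith", 3),      # normal user traffic
    LogonEvent(T0 + timedelta(minutes=20), "WS-FIN-07", "DC-01", "svc_backup", 3),
    LogonEvent(T0 + timedelta(minutes=25), "DC-01", "FS-01", "svc_backup", 3),
    LogonEvent(T0 + timedelta(minutes=40), "FS-01", "WS-FIN-07", "svc_backup", 3), # hop back, ignored
]

if __name__ == "__main__":
    for when, host, what in build_timeline(FILES, LOGONS, "WS-FIN-07"):
        print(f"{when:%Y-%m-%d %H:%M}  {host:<10} {what}")
```

On real images the file events would come from an MFT or `$UsnJrnl` parse and the logons from the Security event log of each host; the correlation logic is the same. The one-hour window is a starting point, not a rule: widen it if the dropper was staged days ahead of the encryption run.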
Progent's Background
Progent has provided online and on-premises network services throughout the U.S. for over 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned high-level certifications in foundation technologies such as Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's data security consultants have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants). Progent also offers top-tier support in financial management and ERP applications. This broad array of skills gives Progent the ability to salvage and consolidate the undamaged parts of your information system after a ransomware attack and quickly reconstruct them into an operational network. Progent has worked with leading cyber insurance providers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in San Diego
To find out more about how Progent can assist your San Diego business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.