Progent's Ransomware Forensics Investigation and Reporting in San Antonio
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and perform a detailed forensics investigation without slowing down activity required for business resumption and data restoration. Your San Antonio business can utilize Progent's post-attack forensics documentation to counter future ransomware assaults, assist in the restoration of encrypted data, and meet insurance carrier and governmental requirements.
Ransomware forensics investigation involves tracking and describing the ransomware attack's progress through the network from beginning to end. This history of how the attack travelled through the network helps your IT staff assess the impact and highlights weaknesses in policies or work habits that should be corrected to prevent future break-ins. Forensics is usually assigned a high priority by the cyber insurance provider and is typically mandated by government and industry regulations. Because forensics can take time, it is vital that other important recovery processes such as operational resumption run in parallel. Progent maintains a large team of IT and data security experts with the skills required to perform containment, operational continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is time consuming and requires close coordination with the groups focused on file cleanup and, if needed, settlement negotiations with the ransomware Threat Actor (TA). Ransomware forensics typically involves examining logs, the registry, Group Policy Objects, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes.
Activities involved with forensics analysis include:
- Isolate all potentially compromised devices from the network without powering them off. This can require closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and implementing 2FA to protect your backups.
- Capture forensically sound digital images of all suspect devices so your file recovery team can proceed
- Preserve firewall, virtual private network, and other critical logs as soon as feasible
- Determine the version of ransomware used in the assault
- Examine every computer and storage device on the network as well as cloud-hosted storage for indications of compromise
- Catalog all encrypted devices
- Determine the kind of ransomware used in the attack
- Study logs and sessions to establish the time frame of the attack and to spot any lateral movement from the first infected machine
- Identify the attack vectors used to carry out the ransomware attack
- Search for new executables associated with the original encrypted files or system compromise
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs from messages and determine whether they are malicious
- Provide comprehensive attack reporting to meet your insurance and compliance regulations
- Document recommendations to close security vulnerabilities and enforce workflows that reduce the exposure to a future ransomware exploit
Progent has delivered online and on-premises network services across the United States for over two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SBEs includes professionals who hold high-level certifications in foundation technology platforms including Cisco infrastructure, VMware, and popular distributions of Linux. Progent's data security consultants have earned industry-recognized certifications including CISM, CISSP, and GIAC. (Refer to certifications earned by Progent consultants.) Progent also offers expertise in financial management and ERP application software. This breadth of expertise allows Progent to identify the undamaged pieces of your IT environment after a ransomware attack and quickly reassemble them into an operational system. Progent has worked with leading cyber insurance carriers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in San Antonio
To learn more about how Progent can assist your San Antonio business with ransomware forensics analysis, call 1-800-993-9400 or see Contact Progent.