Overview of Progent's Ransomware Forensics Investigation and Reporting Services in San Antonio
Progent's ransomware forensics consultants can capture the evidence of a ransomware assault and perform a detailed forensics analysis without impeding the processes required for business continuity and data recovery. Your San Antonio organization can utilize Progent's forensics documentation to block subsequent ransomware assaults, assist in the restoration of encrypted data, and meet insurance carrier and governmental mandates.
Ransomware forensics investigation involves discovering and documenting the ransomware attack's progress throughout the targeted network from beginning to end. This history of how a ransomware attack travelled through the network helps your IT staff assess the impact and uncovers weaknesses in security policies or processes that should be rectified to prevent future breaches. Forensic analysis is commonly assigned a top priority by the insurance carrier and is often mandated by state and industry regulations. Since forensic analysis can be time consuming, it is essential that other important recovery processes such as business continuity are pursued concurrently. Progent maintains an extensive roster of IT and security professionals with the skills needed to carry out the work of containment, operational continuity, and data recovery without interfering with forensic analysis.
Ransomware forensics is complex and requires close cooperation with the teams responsible for data recovery and, if needed, payment negotiation with the ransomware hacker. Ransomware forensics typically requires the review of all logs, the registry, Group Policy Objects, Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows systems to detect changes.
Services involved with forensics investigation include:
- Disconnect all potentially affected devices from the network, but avoid shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, modifying admin credentials and user passwords, and implementing 2FA to protect your backups.
- Capture forensically valid digital images of all suspect devices so the data restoration group can get started
- Preserve firewall, virtual private network, and additional key logs as soon as feasible
- Determine the version of ransomware used in the attack
- Inspect each machine and data store on the system including cloud-hosted storage for signs of encryption
- Catalog all compromised devices
- Establish the kind of ransomware used in the assault
- Review log activity and sessions in order to determine the time frame of the attack and to spot any possible lateral movement from the originally infected system
- Understand the security gaps exploited to carry out the ransomware assault
- Search for new executables associated with the first encrypted files or network compromise
- Parse Outlook web archives
- Examine email attachments
- Extract any URLs embedded in messages and check whether they lead to malware
- Produce comprehensive incident documentation to meet your insurance carrier and compliance mandates
- Document recommendations to shore up security vulnerabilities and enforce processes that reduce the risk of a future ransomware breach
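Several of the steps above (establishing the time frame of the attack, spotting lateral movement from the first infected system, cataloging compromised devices, and locating the first new executables) come down to correlating timestamped records from many hosts. The following Python script is an added illustration of that correlation, not Progent's tooling or code from this page. It runs over a constructed, pipe-delimited log excerpt with hypothetical host names, user names and IP addresses; a real engagement would feed it exported Windows event logs, EDR telemetry and firewall logs instead.

```python
"""Correlate constructed host events into an attack timeline and flag lateral movement.

Added example; the log excerpt, hosts, users and IPs below are all constructed.
Record format (one per line): timestamp|host|event|user|source
"""
from collections import namedtuple
from datetime import datetime

Event = namedtuple("Event", "ts host kind user src")

# Constructed sample excerpt: an initial workstation runs a new binary,
# the same account then logs on to a file server and a domain controller,
# and files start being renamed with an extra extension.
SAMPLE_LOG = """\
2024-03-01T02:10:05|WS-14|logon|jdoe|10.0.5.22
2024-03-01T02:11:40|WS-14|new_executable|jdoe|C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.exe
2024-03-01T02:25:12|FS-01|logon|jdoe|10.0.5.14
2024-03-01T02:26:30|FS-01|new_executable|jdoe|C:\\Windows\\Temp\\svc.exe
2024-03-01T02:40:01|FS-01|file_renamed|jdoe|budget.xlsx -> budget.xlsx.locked
2024-03-01T02:41:15|DC-01|logon|jdoe|10.0.5.30
2024-03-01T02:55:00|WS-14|file_renamed|jdoe|notes.docx -> notes.docx.locked
"""

# Constructed asset inventory: which host owns which address (hypothetical).
HOST_IPS = {"WS-14": "10.0.5.14", "FS-01": "10.0.5.30", "DC-01": "10.0.5.10"}

# Event kinds the investigator treats as evidence that a host was compromised.
SUSPICIOUS = ("new_executable", "file_renamed")


def parse_log(text):
    """Parse the pipe-delimited records and return them in chronological order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, user, src = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), host, kind, user, src))
    return sorted(events, key=lambda e: e.ts)


def attack_window(events):
    """Return (first suspicious event time, last observed encryption event time)."""
    suspicious = [e for e in events if e.kind in SUSPICIOUS]
    encrypted = [e for e in events if e.kind == "file_renamed"]
    return suspicious[0].ts, encrypted[-1].ts


def compromised_hosts(events):
    """Catalog every host on which a suspicious event was recorded."""
    return sorted({e.host for e in events if e.kind in SUSPICIOUS})


def lateral_movement(events):
    """Logons to a not-yet-compromised host whose source IP belongs to a host
    that already showed suspicious activity. Returns (from_host, to_host, time)."""
    ip_to_host = {ip: host for host, ip in HOST_IPS.items()}
    compromised = set()
    moves = []
    for e in events:  # events are chronological, so state builds up in order
        origin = ip_to_host.get(e.src)
        if e.kind == "logon" and origin in compromised and e.host not in compromised:
            moves.append((origin, e.host, e.ts))
        if e.kind in SUSPICIOUS:
            compromised.add(e.host)
    return moves


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    start, end = attack_window(ev)
    print(f"attack window: {start.isoformat()} to {end.isoformat()}")
    print("compromised hosts:", ", ".join(compromised_hosts(ev)))
    for src, dst, ts in lateral_movement(ev):
        print(f"lateral movement {src} -> {dst} at {ts.isoformat()}")
```

The lateral-movement check only trusts a logon as evidence of movement when the source address maps to a host already known to be compromised at that moment in the timeline, which is why the records must be processed in time order and why the asset inventory (host-to-IP mapping) should be captured alongside the logs during evidence preservation.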
Progent has delivered remote and on-premises IT services throughout the U.S. for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in core technology platforms including Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (Refer to Progent's certifications.) Progent also offers guidance in financial management and Enterprise Resource Planning software. This scope of skills gives Progent the ability to salvage and integrate the undamaged parts of your network after a ransomware attack and reconstruct them rapidly into a viable network. Progent has worked with top cyber insurance carriers like Chubb to assist organizations in cleaning up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in San Antonio
To learn more about ways Progent can assist your San Antonio organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.