Overview of Progent's Ransomware Forensics Investigation and Reporting in Denver
Progent's ransomware forensics experts can capture the system state after a ransomware assault and perform a comprehensive forensics analysis without slowing down activity related to business continuity and data recovery. Your Denver organization can use Progent's ransomware forensics documentation to combat future ransomware attacks, assist in the restoration of encrypted data, and comply with insurance and regulatory requirements.
Ransomware forensics investigation involves discovering and documenting the ransomware assault's progress throughout the network from start to finish. This audit trail of the way a ransomware assault travelled within the network helps you to evaluate the damage and brings to light vulnerabilities in policies or processes that need to be corrected to prevent later break-ins. Forensic analysis is commonly given a top priority by the cyber insurance provider and is typically required by state and industry regulations. Because forensics can take time, it is essential that other important activities such as operational resumption are pursued concurrently. Progent has a large roster of information technology and security experts with the knowledge and experience required to perform the work of containment, operational resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics investigation is time-consuming and calls for close interaction with the teams assigned to file cleanup and, if needed, settlement negotiation with the ransomware Threat Actor (TA). Forensics typically involves the review of logs, the registry, GPOs, Active Directory (AD), DNS servers, routers, firewalls, schedulers, and core Windows systems to check for changes.
Activities associated with forensics investigation include:
- Disconnect, without powering off, all potentially affected devices from the network. This can involve closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing 2FA to protect your backups.
- Preserve forensically sound copies of all exposed devices so your file recovery team can get started
- Save firewall, VPN, and additional key logs as soon as possible
- Determine the version of ransomware used in the attack
- Survey each machine and storage device on the network including cloud-hosted storage for indications of compromise
- Inventory all encrypted devices
- Determine the type of ransomware used in the attack
- Review log activity and sessions in order to establish the time frame of the ransomware attack and to spot any lateral movement from the originally infected machine
- Understand the attack vectors exploited to perpetrate the ransomware assault
- Look for executables created around the time of the original file encryption or network compromise
- Parse Outlook PST files
- Examine attachments
- Extract URLs embedded in email messages and check whether they are malicious
- Produce extensive attack reporting to satisfy your insurance carrier and compliance requirements
- List recommendations to shore up security vulnerabilities and enforce workflows that lower the risk of a future ransomware exploit
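The log-review, lateral-movement and email-URL steps above are the ones most often automated during an investigation. The following is an added illustration, not Progent's tooling or any code from the original page: it parses a handful of constructed logon and firewall lines in a hypothetical one-line format, derives the attack time frame, walks remote interactive logons (Windows logon type 10) outward from an assumed patient-zero host to reconstruct lateral movement, and extracts URLs from a constructed email body against a stand-in denylist in place of a real threat-intelligence lookup.

```python
import re
from datetime import datetime

# Constructed sample log lines (not real data). The hypothetical format is
# "<ISO timestamp> <reporter> <event> [type=<n>] src=<host> dst=<host> user=<name>";
# in practice these would be flattened from Windows Security events and firewall syslog.
SAMPLE_LOGS = [
    "2024-03-10T02:14:05 WIN-FS01 LOGON type=10 src=WKS-117 dst=WIN-FS01 user=jdoe",
    "2024-03-10T02:21:40 WIN-DC01 LOGON type=10 src=WIN-FS01 dst=WIN-DC01 user=svc-backup",
    "2024-03-10T02:22:10 WIN-DC01 LOGON type=3 src=WKS-042 dst=WIN-DC01 user=asmith",
    "2024-03-10T03:05:59 NAS-01 LOGON type=10 src=WIN-DC01 dst=NAS-01 user=svc-backup",
    "2024-03-10T03:40:00 FW-EDGE DENY src=NAS-01 dst=203.0.113.9 user=-",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<reporter>\S+) (?P<event>\S+)(?: type=(?P<type>\d+))? "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+)$"
)


def parse_logs(lines):
    """Parse the lines that match the format, skip the rest, and sort by time."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        events.append(d)
    return sorted(events, key=lambda e: e["ts"])


def attack_window(events):
    """First and last observed event: the time frame the report has to cover."""
    return events[0]["ts"], events[-1]["ts"]


def lateral_movement(events, patient_zero):
    """Walk the sorted events once. A remote interactive logon (type 10) whose
    source host is already known-compromised marks its destination as compromised
    too, so the returned hop list is the path the intruder took from patient zero."""
    compromised = {patient_zero}
    hops = []
    for e in events:
        if e["event"] == "LOGON" and e["type"] == "10" and e["src"] in compromised:
            if e["dst"] not in compromised:
                compromised.add(e["dst"])
                hops.append((e["ts"], e["src"], e["dst"], e["user"]))
    return hops


# Constructed email body and constructed denylist; the denylist stands in for a
# reputation/threat-intelligence service, which a real investigation would query.
SAMPLE_EMAIL = (
    "Please review the attached invoice at "
    "https://invoice-update.example.net/view?id=7 before Friday. "
    "Our policy page is at https://www.example.com/policy."
)
KNOWN_BAD_HOSTS = {"invoice-update.example.net"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
HOST_RE = re.compile(r"https?://([^/]+)")


def suspicious_urls(email_body):
    """Extract every URL, trim trailing sentence punctuation, and keep the ones
    whose host is on the denylist."""
    flagged = []
    for url in URL_RE.findall(email_body):
        url = url.rstrip(".,;)")
        host = HOST_RE.match(url).group(1).lower()
        if host in KNOWN_BAD_HOSTS:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    start, end = attack_window(evs)
    print(f"attack window: {start} -> {end}")
    for ts, src, dst, user in lateral_movement(evs, "WKS-117"):
        print(f"{ts} {src} -> {dst} as {user}")
    print("suspicious URLs:", suspicious_urls(SAMPLE_EMAIL))
```

The hop walk is deliberately order-sensitive: a logon from a host is only treated as attacker activity if that host was compromised before the logon occurred, which is why the events are sorted first and why the type-3 network logon from the unrelated workstation is not pulled into the path.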
Progent's Background
Progent has delivered remote and on-premises IT services across the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts includes professionals who have been awarded advanced certifications in core technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned prestigious certifications such as CISA, CISSP-ISSAP, and GIAC. (Refer to Progent's certifications). Progent also offers top-tier support in financial and ERP software. This breadth of skills allows Progent to identify and consolidate the undamaged pieces of your IT environment following a ransomware assault and rebuild them rapidly into an operational network. Progent has collaborated with leading insurance carriers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Services in Denver
To learn more about how Progent can help your Denver organization with ransomware forensics, call 1-800-462-8800 or see Contact Progent.