Overview of Progent's Ransomware Forensics Analysis and Reporting in Des Moines
Progent's ransomware forensics experts can capture the evidence of a ransomware assault and carry out a detailed forensics analysis without disrupting the processes related to business resumption and data recovery. Your Des Moines business can use Progent's post-attack forensics documentation to combat future ransomware attacks, validate the cleanup of encrypted data, and comply with insurance and regulatory mandates.
Ransomware forensics analysis is aimed at tracking and describing the ransomware attack's storyline across the targeted network from beginning to end. This history of how a ransomware assault progressed through the network helps you to assess the impact and brings to light vulnerabilities in security policies or work habits that should be corrected to prevent later break-ins. Forensics is usually given a top priority by the cyber insurance provider and is often mandated by government and industry regulations. Since forensics can take time, it is essential that other key activities such as business continuity are pursued concurrently. Progent maintains a large roster of information technology and data security professionals with the knowledge and experience needed to carry out the work of containment, operational resumption, and data recovery without disrupting forensic analysis.
Ransomware forensics investigation is time consuming and requires close interaction with the groups responsible for file restoration and, if needed, settlement negotiation with the ransomware attacker. Ransomware forensics typically requires the examination of logs, the registry, Group Policy Objects, Active Directory, DNS, routers, firewalls, schedulers, and basic Windows systems to check for changes.
Services associated with forensics analysis include:
- Disconnect all possibly suspect devices from the system, but avoid shutting them down. This can involve closing all RDP ports and Internet-connected network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to secure backups.
- Capture forensically complete images of all suspect devices so the data restoration group can proceed
- Preserve firewall, VPN, and other key logs as soon as feasible
- Establish the variety of ransomware involved in the assault
- Inspect each computer and storage device on the system including cloud-hosted storage for signs of encryption
- Catalog all compromised devices
- Determine the type of ransomware used in the assault
- Review log activity and user sessions to determine the time frame of the assault and to spot any potential lateral movement from the originally infected system
- Understand the security gaps exploited to carry out the ransomware assault
- Look for executables created around the time of the first encrypted files or the network breach
- Parse Outlook web archives
- Examine attachments
- Extract any URLs embedded in email messages and determine if they are malicious
- Provide comprehensive incident documentation to satisfy your insurance carrier and compliance mandates
- Document recommendations to shore up security gaps and enforce workflows that lower the risk of a future ransomware breach
Progent has provided remote and on-premises network services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes consultants who have earned high-level certifications in foundation technology platforms such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's data security experts have earned prestigious certifications such as CISM, CISSP-ISSAP, and CRISC. Progent also has expertise in financial management and Enterprise Resource Planning software. This broad array of expertise allows Progent to salvage and integrate the surviving parts of your network after a ransomware assault and rebuild them quickly into an operational network. Progent has worked with leading insurance providers like Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in Des Moines
To find out more about how Progent can help your Des Moines business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.