Overview of Progent's Ransomware Forensics Analysis and Reporting in Durham
Progent's ransomware forensics consultants can save the system state after a ransomware attack and carry out a detailed forensics investigation without interfering with activity required for business continuity and data restoration. Your Durham business can utilize Progent's post-attack ransomware forensics documentation to combat subsequent ransomware assaults, assist in the recovery of encrypted data, and meet insurance carrier and regulatory requirements.
Ransomware forensics is aimed at determining and describing the ransomware attack's progress across the targeted network from beginning to end. This history of how a ransomware assault travelled within the network helps your IT staff assess the impact and brings to light weaknesses in rules or processes that should be corrected to prevent future break-ins. Forensics is commonly given a top priority by the insurance carrier and is typically mandated by state and industry regulations. Because forensics can take time, it is critical that other key recovery processes like business continuity are performed in parallel. Progent has an extensive roster of information technology and cybersecurity professionals with the knowledge and experience required to perform the work of containment, business continuity, and data recovery without interfering with forensics.
Ransomware forensics investigation is arduous and requires close cooperation with the groups responsible for data recovery and, if necessary, payment negotiation with the ransomware hacker. Forensics can require the examination of logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to look for changes.
Activities associated with forensics analysis include:
- Disconnect all potentially suspect devices from the network, but avoid shutting them off, since powering down destroys volatile evidence in memory. This can involve closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing two-factor authentication to protect your backups.
- Make forensically sound copies (images) of all suspect devices so your data restoration group can get started
- Preserve firewall, virtual private network, and other critical logs as soon as feasible
- Determine the kind of ransomware used in the attack
- Survey each machine and storage device on the system including cloud-hosted storage for indications of compromise
- Catalog all encrypted devices
- Study log activity and sessions to determine the time frame of the assault and to spot any possible lateral movement from the first compromised system
- Understand the security gaps exploited to perpetrate the ransomware assault
- Look for new executables associated with the original encrypted files or network compromise
- Parse Outlook web archives
- Analyze attachments
- Extract URLs embedded in messages and check whether they are malicious
- Produce extensive attack documentation to satisfy your insurance carrier and compliance mandates
- List recommended improvements that close cybersecurity gaps and refine workflows to reduce exposure to a future ransomware attack
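The log-review step above (establishing the time frame and spotting lateral movement from the first compromised host) can be illustrated with a small triage script. The following is an added example, not Progent's tooling and not code from the original page. It assumes Windows Security event 4624 (successful logon) records have already been exported into a simple comma-separated form (timestamp, target host, account, logon type, source IP, event ID) and that an IP-to-hostname inventory is available; the event lines and the inventory below are constructed sample data.

```python
"""Timeline and lateral-movement triage over exported Windows logon records.

Added example (not the page's or Progent's code). Input format is an
assumption: one 4624 logon per line, fields
timestamp,target_host,account,logon_type,source_ip,event_id
"""
from datetime import datetime

# Constructed sample events (not real data). Logon type 10 = RemoteInteractive
# (RDP), 3 = network (SMB, WMI, admin shares), 2 = local console.
SAMPLE_EVENTS = """\
2024-03-11T02:14:03Z,WS-017,jdoe,10,203.0.113.45,4624
2024-03-11T02:21:40Z,WS-017,jdoe,2,-,4624
2024-03-11T02:33:12Z,FS-01,svc_backup,3,10.0.5.17,4624
2024-03-11T02:35:50Z,DC-01,svc_backup,3,10.0.5.17,4624
2024-03-11T02:36:02Z,DC-01,svc_backup,3,10.0.5.30,4624
2024-03-11T03:02:11Z,APP-02,svc_backup,10,10.0.5.17,4624
2024-03-11T08:15:00Z,WS-022,asmith,2,-,4624
"""

# Constructed inventory (assumption: taken from a DHCP/DNS export).
HOST_BY_IP = {"10.0.5.17": "WS-017", "10.0.5.30": "FS-01"}

REMOTE_LOGON_TYPES = {3, 10}  # only logons that arrive over the network count as hops


def parse_events(text):
    """Parse the exported lines into dicts, sorted by time (oldest first)."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, host, user, ltype, src, eid = line.split(",")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "user": user, "logon_type": int(ltype),
            "src_ip": src, "event_id": int(eid),
        })
    return sorted(events, key=lambda e: e["time"])


def initial_access(events, patient_zero, host_by_ip):
    """First remote logon to patient zero from a source not in the inventory."""
    for e in events:
        if (e["host"] == patient_zero and e["logon_type"] in REMOTE_LOGON_TYPES
                and e["src_ip"] not in host_by_ip):
            return e
    return None


def trace_lateral_movement(events, patient_zero, host_by_ip):
    """Walk events in time order; a remote logon sourced from an already-reached
    host onto a different host is recorded as a hop, and the target joins the
    reached set, so chains (A -> B -> C) are followed transitively."""
    reached = {patient_zero}
    hops = []
    for e in events:
        if e["event_id"] != 4624 or e["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        src_host = host_by_ip.get(e["src_ip"])
        if src_host in reached and e["host"] != src_host:
            hops.append({"time": e["time"], "src": src_host, "dst": e["host"],
                         "user": e["user"], "logon_type": e["logon_type"]})
            reached.add(e["host"])
    return hops, reached


def attack_window(events, patient_zero, hops):
    """Earliest activity on patient zero through the last observed hop."""
    first = min(e["time"] for e in events if e["host"] == patient_zero)
    last = max([h["time"] for h in hops] + [first])
    return first, last


def build_report(text, patient_zero, host_by_ip):
    """Summarize initial access, time frame, hops, hosts and accounts involved."""
    events = parse_events(text)
    hops, reached = trace_lateral_movement(events, patient_zero, host_by_ip)
    first, last = attack_window(events, patient_zero, hops)
    return {
        "initial_access": initial_access(events, patient_zero, host_by_ip),
        "window": (first.isoformat(), last.isoformat()),
        "hops": [(h["time"].isoformat(), h["src"], h["dst"], h["user"],
                  h["logon_type"]) for h in hops],
        "hosts_reached": sorted(reached),
        "accounts_used": sorted({h["user"] for h in hops}),
    }


if __name__ == "__main__":
    report = build_report(SAMPLE_EVENTS, "WS-017", HOST_BY_IP)
    print("attack window:", report["window"])
    print("initial access:", report["initial_access"])
    for hop in report["hops"]:
        print("hop:", hop)
    print("hosts reached:", report["hosts_reached"])
    print("accounts used:", report["accounts_used"])
```

On the constructed data the script bounds the incident to the first RDP logon on WS-017 from an external address and the last hop to APP-02, shows the service account being reused across the file server and domain controller, and follows the secondary hop from FS-01 to DC-01. In a real engagement the same walk is run over the preserved firewall, VPN, and security logs, and the reached-host list feeds the encrypted-device catalog and the remediation recommendations.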
Progent's Qualifications
Progent has delivered remote and onsite network services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes consultants who have been awarded high-level certifications in core technology platforms such as Cisco networking, VMware, and major Linux distros. Progent's data security experts have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also offers top-tier support in financial management and ERP applications. This breadth of skills allows Progent to salvage and consolidate the undamaged pieces of your IT environment following a ransomware assault and rebuild them quickly into an operational network. Progent has collaborated with leading cyber insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Durham
To learn more about how Progent can assist your Durham business with ransomware forensics, call 1-800-462-8800 or see Contact Progent.