Progent's Ransomware Forensics Investigation and Reporting in Durham
Progent's ransomware forensics experts can preserve the system state after a ransomware assault and perform a comprehensive forensics investigation without disrupting the processes related to operational resumption and data recovery. Your Durham business can utilize Progent's post-attack forensics documentation to counter subsequent ransomware attacks, validate the restoration of lost data, and comply with insurance and governmental mandates.
Ransomware forensics investigation is aimed at discovering and describing the ransomware assault's storyline throughout the targeted network from start to finish. This history of the way a ransomware assault travelled through the network helps you to evaluate the damage and highlights shortcomings in policies or processes that need to be corrected to avoid future breaches. Forensics is commonly given top priority by the cyber insurance provider and is often mandated by government and industry regulations. Because forensic analysis can be time consuming, it is essential that other key activities like operational continuity are executed concurrently. Progent has an extensive roster of IT and cybersecurity experts with the skills needed to perform activities for containment, business resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics is time consuming and calls for close cooperation with the teams responsible for file recovery and, if needed, payment negotiation with the ransomware Threat Actor (TA). Forensics can require the review of logs, registry, Group Policy Object (GPO), Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows systems to check for anomalies.
Services involved with forensics include:
- Disconnect all possibly impacted devices from the system without shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, modifying admin credentials and user passwords, and configuring 2FA to guard backups.
- Copy forensically complete images of all exposed devices so your data recovery group can proceed
- Preserve firewall, VPN, and other key logs as quickly as feasible
- Establish the strain of ransomware involved in the attack
- Survey every computer and data store on the system as well as cloud storage for indications of compromise
- Inventory all encrypted devices
- Establish the type of ransomware involved in the assault
- Review logs and user sessions to determine the time frame of the ransomware assault and to spot any potential lateral movement from the first compromised machine
- Understand the security gaps used to carry out the ransomware attack
- Look for new executables associated with the first encrypted files or network breach
- Parse Outlook web archives
- Analyze email attachments
- Separate any URLs from email messages and check whether they are malicious
- Produce extensive incident reporting to meet your insurance and compliance requirements
- List recommendations to close cybersecurity vulnerabilities and improve workflows that reduce the risk of a future ransomware breach
Progent has delivered online and onsite IT services throughout the U.S. for over 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have earned advanced certifications in core technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISA, CISSP, and GIAC. Progent also offers top-tier support in financial and ERP application software. This scope of skills allows Progent to salvage and consolidate the surviving parts of your network following a ransomware attack and rebuild them quickly into a viable system. Progent has worked with top insurance providers including Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Durham
To find out more about how Progent can assist your Durham organization with ransomware forensics investigation, call 1-800-462-8800 or contact Progent.