Overview of Progent's Ransomware Forensics Investigation and Reporting in Durham
Progent's ransomware forensics consultants can capture the evidence of a ransomware attack and perform a comprehensive forensics investigation without interfering with activity related to business resumption and data recovery. Your Durham business can use Progent's post-attack forensics documentation to block subsequent ransomware attacks, assist in the recovery of encrypted data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics analysis involves tracking and describing the ransomware attack's progress throughout the network from beginning to end. This audit trail of the way a ransomware attack progressed through the network assists your IT staff to evaluate the damage and uncovers gaps in policies or work habits that should be rectified to avoid later breaches. Forensic analysis is usually given a high priority by the insurance provider and is typically mandated by government and industry regulations. Because forensics can be time consuming, it is vital that other important activities such as operational continuity are pursued concurrently. Progent has a large team of IT and security professionals with the skills required to carry out the work of containment, business resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is complex and calls for close cooperation with the teams responsible for file cleanup and, if needed, settlement discussions with the ransomware attacker. Forensics typically requires examining all logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS, routers, firewalls, task schedulers, and core Windows system components for unauthorized changes.
Activities involved with forensics include:
- Isolate all potentially suspect devices from the network, but do not power them off (shutting down destroys volatile evidence held in memory). This may require closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and enabling 2FA to protect your backups.
- Capture forensically sound disk images of all suspect devices so your file restoration team can get started on copies while the originals are preserved as evidence.
- Save firewall, VPN, and other key logs as soon as feasible
- Identify the kind of ransomware used in the attack
- Examine each computer and storage device on the network including cloud storage for indications of compromise
- Inventory all encrypted devices
- Determine the type of ransomware involved in the attack
- Review logs and sessions in order to determine the timeline of the attack and to identify any possible lateral movement from the originally infected machine
- Understand the attack vectors exploited to perpetrate the ransomware assault
- Look for executables created around the time of the original file encryption or system breach
- Parse Outlook web archives
- Examine attachments
- Extract any URLs embedded in email messages and check to see if they are malicious
- Provide comprehensive incident documentation to satisfy your insurance carrier and compliance requirements
- List recommended improvements to close cybersecurity gaps and enforce workflows that lower the risk of a future ransomware exploit
Progent has delivered online and on-premises IT services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have been awarded high-level certifications in core technologies such as Cisco networking, VMware virtualization, and popular Linux distros. Progent's cybersecurity experts have earned industry-recognized certifications including CISA, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also has top-tier support in financial and ERP applications. This broad array of expertise allows Progent to salvage and consolidate the undamaged parts of your IT environment after a ransomware attack and rebuild them quickly into a functioning network. Progent has worked with top insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Durham
To learn more about how Progent can help your Durham organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.