Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Durham
Progent's ransomware forensics experts can preserve the system state after a ransomware assault and carry out a detailed forensics investigation without slowing down the processes required for business continuity and data recovery. Your Durham business can utilize Progent's forensics documentation to counter subsequent ransomware assaults, assist in the recovery of encrypted data, and comply with insurance and regulatory mandates.
Ransomware forensics is aimed at tracking and documenting the ransomware attack's progress throughout the network from start to finish. This audit trail of how a ransomware attack travelled through the network helps you assess the impact and highlights shortcomings in security policies or work habits that need to be rectified to prevent future breaches. Forensics is usually assigned a top priority by the insurance carrier and is typically mandated by state and industry regulations. Since forensic analysis can be time consuming, it is essential that other key recovery processes such as business continuity are performed concurrently. Progent maintains an extensive roster of IT and cybersecurity experts with the skills needed to carry out activities for containment, business resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics is time consuming and requires close interaction with the teams focused on file restoration and, if necessary, payment discussions with the ransomware Threat Actor. Forensics typically requires the review of all logs, the registry, Group Policy Objects, AD, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for anomalies.
Activities associated with forensics investigation include:
- Disconnect all possibly affected devices from the network, but do not shut them down. This may involve closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up 2FA to protect your backups.
- Capture forensically sound duplicates of all suspect devices so the file restoration group can proceed.
- Preserve firewall, VPN, and other critical logs as soon as feasible
- Determine the strain of ransomware used in the assault
- Survey each computer and data store on the system including cloud-hosted storage for indications of encryption
- Catalog all compromised devices
- Determine the kind of ransomware involved in the assault
- Study logs and user sessions in order to determine the time frame of the assault and to spot any potential lateral movement from the originally compromised machine
- Understand the attack vectors used to perpetrate the ransomware attack
- Look for the creation of executables associated with the original encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from messages and check whether they point to malware
- Provide detailed attack documentation to satisfy your insurance and compliance requirements
- Document recommendations to close cybersecurity gaps and enforce workflows that reduce the risk of a future ransomware exploit
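The email triage items above (parsing messages, examining attachments, extracting and checking URLs) can be partly automated. The following is an added example written for this page, not Progent's own tooling: it parses a constructed .eml message, records a SHA-256 hash for each attachment so it can be catalogued, and flags each extracted URL against a hypothetical blocklist that a responder would replace with a real threat-intelligence feed.

```python
import email
import hashlib
import re
from email import policy
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample message for the example; not a real attack artifact.
SAMPLE_EML = b"""From: sender@example.invalid
To: user@example.invalid
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review http://suspicious.example.invalid/pay and https://docs.example.invalid/ok
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Hypothetical blocklist; a real investigation would use current threat-intel feeds.
BLOCKED_HOSTS = {"suspicious.example.invalid"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def triage_message(raw: bytes) -> Dict[str, object]:
    """Return extracted URLs (flagged against the blocklist) and attachment hashes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls: List[Dict[str, object]] = []
    attachments: List[Dict[str, str]] = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            # Hash the decoded attachment so it can be catalogued and matched later.
            data = part.get_payload(decode=True) or b""
            attachments.append({"filename": part.get_filename() or "",
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_type() == "text/plain":
            # Pull every URL out of the message body and check its host.
            for url in URL_RE.findall(part.get_content()):
                host = urlparse(url).hostname or ""
                urls.append({"url": url, "blocked": host in BLOCKED_HOSTS})
    return {"urls": urls, "attachments": attachments}
```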
Progent has provided online and on-premises IT services throughout the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have earned advanced certifications in core technologies such as Cisco networking, VMware virtualization, and major distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications such as CISA, CISSP, and GIAC. (Refer to Progent's certifications.) Progent also has top-tier support in financial management and ERP applications. This breadth of expertise allows Progent to identify and integrate the undamaged parts of your IT environment after a ransomware attack and reconstruct them rapidly into a viable system. Progent has worked with top cyber insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Durham
To find out more about how Progent can help your Durham organization with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.