Progent's Ransomware Forensics and Reporting in Edison
Progent's ransomware forensics experts can preserve the evidence of a ransomware assault and carry out a comprehensive forensics investigation without slowing down the processes required for operational continuity and data recovery. Your Edison organization can utilize Progent's post-attack forensics documentation to combat subsequent ransomware attacks, assist in the recovery of encrypted data, and meet insurance and governmental mandates.
Ransomware forensics is aimed at determining and describing the storyline of the ransomware assault across the targeted network from start to finish. This history of how the attack travelled through the network helps you evaluate the impact and brings to light shortcomings in policies or work habits that should be corrected to prevent later break-ins. Forensic analysis is usually given top priority by the cyber insurance provider and is typically mandated by state and industry regulations. Because forensics can take time, it is essential that other key recovery processes such as business resumption proceed concurrently. Progent maintains an extensive team of IT and data security experts with the knowledge and experience required to carry out containment, business resumption, and data recovery without disrupting the forensic analysis.
Ransomware forensics investigation is arduous and requires close interaction with the teams responsible for file cleanup and, if necessary, settlement talks with the ransomware Threat Actor (TA). Ransomware forensics typically involves examining all logs, the registry, Group Policy Objects (GPOs), Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows system components to check for unexpected changes.
Activities associated with forensics include:
- Disconnect all potentially impacted devices from the network, but avoid shutting them down. This can require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing 2FA to guard your backups.
- Preserve forensically complete digital images of all suspect devices so your file recovery group can get started.
- Save firewall, virtual private network, and other critical logs as soon as feasible.
- Survey every computer and data store on the network, as well as cloud storage, for signs of compromise.
- Catalog all compromised devices.
- Determine the type of ransomware used in the attack.
- Review log activity and user sessions to establish the timeline of the attack and to identify any potential lateral movement from the originally compromised machine.
- Identify the attack vectors used to perpetrate the ransomware attack.
- Look for the creation of executables associated with the original encrypted files or the system breach.
- Parse Outlook web archives.
- Examine attachments.
- Extract any URLs from messages and check whether they are malicious.
- Provide detailed attack documentation to satisfy your insurance and compliance requirements.
- Document recommendations to shore up security gaps and enforce processes that reduce exposure to a future ransomware breach.
Progent has provided online and onsite IT services throughout the United States for more than two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have earned high-level certifications in foundation technologies such as Cisco networking, VMware virtualization, and major Linux distros. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also has expertise in financial and Enterprise Resource Planning application software. This broad array of skills gives Progent the ability to salvage and integrate the surviving pieces of your network following a ransomware attack and rebuild them quickly into an operational network. Progent has worked with top cyber insurance carriers, including Chubb, to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Edison
To learn more about how Progent can help your Edison business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.