Overview of Progent's Ransomware Forensics Analysis and Reporting Services in Edison
Progent's ransomware forensics experts can capture the evidence of a ransomware assault and carry out a comprehensive forensics analysis without interfering with activity required for operational continuity and data restoration. Your Edison organization can use Progent's post-attack forensics documentation to counter future ransomware attacks, validate the recovery of encrypted data, and comply with insurance and governmental reporting requirements.
Ransomware forensics investigation involves determining and documenting the ransomware attack's progress across the network from initial entry to final encryption. This history of how the attack travelled through the network helps you evaluate the impact and brings to light gaps in security policies or processes that should be corrected to avoid later break-ins. Forensics is typically assigned a high priority by the insurance carrier and is often required by state and industry regulations. Since forensic analysis can take time, it is essential that other key recovery processes like operational resumption are performed in parallel. Progent maintains an extensive team of IT and data security professionals with the skills needed to carry out containment, business resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is time consuming and requires close cooperation with the groups focused on file restoration and, if necessary, payment negotiation with the ransomware Threat Actor (TA). Ransomware forensics typically requires examining logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS, routers, firewalls, scheduled tasks, and core Windows components to detect unauthorized changes.
Services associated with forensics analysis include:
- Isolate all possibly affected devices from the network without powering them down, since a shutdown destroys volatile evidence such as memory contents and active sessions. This may require closing all RDP ports and Internet-connected NAS storage, changing admin credentials and user passwords, and enabling 2FA to secure your backups.
- Create forensically sound images of all exposed devices so your file restoration team can proceed on copies while the originals are preserved
- Preserve firewall, VPN, and other critical logs as quickly as feasible, before log rotation overwrites them
- Identify the ransomware family used in the attack
- Survey each machine and storage device on the network, as well as cloud-hosted storage, for indications of encryption
- Inventory all compromised devices
- Review logs and sessions to establish the timeline of the attack and to spot lateral movement from the initially compromised machine
- Determine the attack vectors used to gain initial access and deploy the ransomware
- Search for newly created executables near the first encrypted files or the point of network breach
- Parse Outlook PST files
- Analyze attachments
- Extract URLs from messages and determine whether they are malicious
- Produce comprehensive attack documentation to meet your insurance carrier and compliance regulations
- Document recommended improvements that close the security gaps found and strengthen processes, lowering exposure to a future ransomware attack
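The timeline and lateral-movement review listed above is, in practice, log analysis: take the Security event export from each host, order it, find the first remote logon from outside the network, and follow the chain of remote logons and process creations from there. The script below is an added example of that workflow; it is not Progent's tooling, and the hostnames, IP addresses, file paths and event records in it are constructed for illustration. It assumes a CSV export with the columns timestamp, host, event_id, logon_type, user, source_ip and process, and an asset inventory mapping hostnames to addresses.

```python
"""Reconstruct a ransomware attack timeline and lateral-movement path from a
CSV export of Windows Security events (added example; all hosts, addresses and
records below are constructed for illustration, not taken from a real case)."""
import csv
import io
from collections import deque
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Event 4624 logon types that imply a session opened from another machine:
# 3 = network (SMB/RPC), 10 = RemoteInteractive (RDP).
REMOTE_LOGON_TYPES = {"3", "10"}
# Writable directories commonly used to stage dropped binaries (heuristic).
STAGING_DIRS = ("\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed sample export (hypothetical hostnames, IPs and paths).
# 4624 = successful logon, 4688 = process creation. Rows are deliberately unsorted.
SAMPLE_CSV = r"""timestamp,host,event_id,logon_type,user,source_ip,process
2024-03-01T02:10:05,WS-114,4624,10,jdoe,203.0.113.7,
2024-03-01T02:12:40,WS-114,4688,,jdoe,,C:\Users\jdoe\AppData\Local\Temp\stage1.exe
2024-03-01T02:15:01,DC01,4624,3,jdoe,10.0.5.114,
2024-03-01T02:20:33,DC01,4688,,jdoe,,C:\Windows\Temp\dump.exe
2024-03-01T02:31:10,FS01,4624,10,svc_backup,10.0.5.1,
2024-03-01T02:45:00,FS01,4688,,svc_backup,,C:\Temp\locker.exe
2024-03-01T03:00:00,WS-220,4624,2,asmith,,
2024-03-01T01:30:00,WS-220,4624,3,admin,10.0.5.1,
"""
# Asset inventory (hypothetical): hostname -> address.
HOST_IPS: Dict[str, str] = {"WS-114": "10.0.5.114", "DC01": "10.0.5.1",
                            "FS01": "10.0.5.20", "WS-220": "10.0.5.220"}

Edge = Tuple[str, str, datetime, str]  # (src_host, dst_host, time, user)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    event_id: str
    logon_type: str
    user: str
    source_ip: str
    process: str


def parse_events(csv_text: str) -> List[Event]:
    """Parse the export and return events in chronological order."""
    rows = csv.DictReader(io.StringIO(csv_text))
    events = [Event(datetime.fromisoformat(r["timestamp"]), r["host"], r["event_id"],
                    r["logon_type"], r["user"], r["source_ip"], r["process"]) for r in rows]
    return sorted(events, key=lambda e: e.ts)


def remote_logons(events: List[Event]) -> List[Event]:
    """Successful logons whose type means the session came from another machine."""
    return [e for e in events if e.event_id == "4624" and e.logon_type in REMOTE_LOGON_TYPES]


def initial_access(events: List[Event], host_ips: Dict[str, str]) -> Optional[Event]:
    """Earliest remote logon from an address not in the inventory: the entry point."""
    internal = set(host_ips.values())
    for e in remote_logons(events):
        if e.source_ip and e.source_ip not in internal:
            return e
    return None


def lateral_edges(events: List[Event], host_ips: Dict[str, str]) -> List[Edge]:
    """One edge per remote logon whose source address belongs to an internal host."""
    ip_to_host = {ip: h for h, ip in host_ips.items()}
    edges: List[Edge] = []
    for e in remote_logons(events):
        src = ip_to_host.get(e.source_ip)
        if src and src != e.host:
            edges.append((src, e.host, e.ts, e.user))
    return edges


def reachable_hosts(edges: List[Edge], start: str, start_time: datetime) -> Set[str]:
    """Hosts reached from `start`, following edges only in causal order: a session
    opened from host X before the attacker arrived on X is not attacker movement."""
    arrived = {start: start_time}
    queue = deque([start])
    while queue:
        h = queue.popleft()
        for src, dst, ts, _ in edges:
            if src == h and ts >= arrived[h] and dst not in arrived:
                arrived[dst] = ts
                queue.append(dst)
    return set(arrived) - {start}


def staged_executions(events: List[Event]) -> List[Event]:
    """Process creations launched from staging directories: candidate dropped binaries."""
    return [e for e in events if e.event_id == "4688"
            and any(d in e.process.lower() for d in STAGING_DIRS)]


def build_timeline(events: List[Event], host_ips: Dict[str, str]) -> List[str]:
    """Chronological, human-readable timeline for the forensics report."""
    lines = []
    entry = initial_access(events, host_ips)
    if entry:
        lines.append(f"{entry.ts:%H:%M:%S} INITIAL ACCESS {entry.host} via {entry.source_ip} as {entry.user}")
    for src, dst, ts, user in lateral_edges(events, host_ips):
        lines.append(f"{ts:%H:%M:%S} REMOTE LOGON {src} -> {dst} as {user}")
    for e in staged_executions(events):
        lines.append(f"{e.ts:%H:%M:%S} STAGED EXEC {e.host} {e.process}")
    return sorted(lines)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_CSV)
    print("\n".join(build_timeline(evts, HOST_IPS)))
    entry = initial_access(evts, HOST_IPS)
    if entry:
        reached = reachable_hosts(lateral_edges(evts, HOST_IPS), entry.host, entry.ts)
        print("Hosts reached from", entry.host + ":", sorted(reached))
```

The causal check in reachable_hosts is the part worth copying: in the sample, the admin session from DC01 to WS-220 at 01:30 appears in the raw timeline, but it predates the attacker's arrival on DC01, so WS-220 is correctly left out of the compromised set while DC01 and FS01 are flagged. On a real case the export would come from every host and domain controller, and the inventory from AD or DHCP; anything matched by the staging-directory heuristic still needs manual review against the imaged disks.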
Progent has provided remote and on-premises network services throughout the U.S. for more than 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in core technologies including Cisco networking, VMware, and popular distributions of Linux. Progent's data security experts have earned prestigious certifications including CISA, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also offers top-tier support in financial management and ERP applications. This broad array of expertise gives Progent the ability to identify and integrate the surviving pieces of your IT environment after a ransomware assault and reconstruct them quickly into an operational system. Progent has worked with top cyber insurance providers including Chubb to help organizations clean up after ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Edison
To learn more about how Progent can help your Edison business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.