Overview of Progent's Ransomware Forensics Analysis and Reporting in Edison
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and carry out a detailed forensics investigation without disrupting activity required for business continuity and data restoration. Your Edison organization can use Progent's post-attack ransomware forensics report to block future ransomware assaults, assist in the restoration of lost data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics analysis involves determining and describing the ransomware assault's storyline across the network from beginning to end. This history of the way a ransomware attack travelled within the network helps your IT staff assess the damage and highlights vulnerabilities in rules or processes that need to be rectified to prevent future breaches. Forensic analysis is usually assigned a high priority by the cyber insurance provider and is often mandated by government and industry regulations. Since forensic analysis can be time consuming, it is vital that other key activities such as operational continuity are pursued in parallel. Progent has a large team of information technology and security experts with the skills needed to perform activities for containment, business resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is time consuming and requires close coordination with the teams assigned to data restoration and, if needed, settlement discussions with the ransomware Threat Actor. Ransomware forensics typically requires reviewing all logs, the registry, Group Policy Objects, Active Directory (AD), DNS, routers, firewalls, schedulers, and basic Windows systems to look for changes.
Activities associated with forensics investigation include:
- Disconnect all possibly suspect devices from the network, but avoid shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and setting up two-factor authentication to secure your backups.
- Create forensically sound images of all exposed devices so your file restoration team can proceed
- Save firewall, VPN, and additional critical logs as quickly as possible
- Identify the variety of ransomware involved in the attack
- Survey every computer and storage device on the system as well as cloud-hosted storage for indications of encryption
- Catalog all compromised devices
- Establish the kind of ransomware used in the assault
- Review logs and sessions to establish the time frame of the attack and to spot any possible lateral movement from the originally infected machine
- Understand the security gaps used to carry out the ransomware assault
- Look for new executables surrounding the first encrypted files or network compromise
- Parse Outlook web archives
- Analyze attachments
- Extract any URLs from messages and determine whether they are malicious
- Produce comprehensive incident reporting to satisfy your insurance carrier and compliance requirements
- List recommended improvements to close security gaps and enforce workflows that lower the exposure to a future ransomware exploit
Progent has provided remote and on-premises IT services throughout the United States for more than two decades and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have been awarded advanced certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned internationally recognized certifications such as CISA, CISSP, and GIAC. (Refer to Progent's certifications). Progent also offers top-tier support in financial management and ERP applications. This broad array of expertise gives Progent the ability to salvage and integrate the undamaged pieces of your network following a ransomware attack and reconstruct them rapidly into an operational system. Progent has collaborated with top insurance providers including Chubb to help businesses recover from ransomware attacks.
Contact Progent about Ransomware Forensics Analysis Services in Edison
To find out more information about ways Progent can help your Edison business with ransomware forensics analysis, call 1-800-462-8800 or see Contact Progent.