Overview of Progent's Ransomware Forensics and Reporting in Edison
Progent's ransomware forensics experts can preserve the evidence of a ransomware attack and carry out a detailed forensic analysis without impeding the processes related to operational resumption and data restoration. Your Edison business can use Progent's forensics documentation to counter future ransomware attacks, assist in the recovery of lost data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics analysis involves determining and describing the ransomware attack's progress across the targeted network from beginning to end. This audit trail of how a ransomware attack travelled through the network helps you to evaluate the damage and highlights vulnerabilities in rules or processes that should be corrected to avoid later breaches. Forensics is typically given a high priority by the cyber insurance provider and is typically mandated by state and industry regulations. Because forensic analysis can take time, it is critical that other key recovery processes such as operational resumption are executed concurrently. Progent has a large team of information technology and security experts with the skills required to perform activities for containment, business continuity, and data restoration without interfering with forensic analysis.
Ransomware forensics is time-consuming and calls for close cooperation with the teams responsible for data restoration and, if needed, settlement negotiation with the ransomware threat actor. Ransomware forensics can require the examination of all logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to check for anomalies.
Activities involved with forensics include:
- Isolate all potentially affected devices from the network, but avoid shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to protect backups.
- Create forensically sound digital images of all exposed devices so the file restoration team can get started
- Save firewall, VPN, and other critical logs as quickly as possible
- Identify the version of ransomware used in the assault
- Inspect each computer and storage device on the network, including cloud storage, for indications of compromise
- Catalog all compromised devices
- Establish the kind of ransomware used in the attack
- Study log activity and sessions in order to establish the timeline of the ransomware attack and to spot any potential lateral movement from the first compromised machine
- Understand the security gaps exploited to carry out the ransomware attack
- Look for new executables associated with the original encrypted files or network breach
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs embedded in messages and determine whether they are malicious
- Produce detailed attack reporting to satisfy your insurance and compliance requirements
- Recommend improvements to close security gaps and improve processes in order to lower the risk of a future ransomware breach
Progent has provided online and on-premises IT services throughout the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in foundation technology platforms including Cisco infrastructure, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity consultants have earned internationally recognized certifications including CISM, CISSP-ISSAP, and CRISC. Progent also offers guidance in financial management and ERP software. This scope of skills gives Progent the ability to salvage and consolidate the surviving parts of your IT environment following a ransomware attack and rebuild them quickly into an operational network. Progent has collaborated with leading insurance providers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Expertise in Edison
To learn more about ways Progent can assist your Edison business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.