Progent's Ransomware Forensics Analysis and Reporting in Edmonton
Progent's ransomware forensics experts can preserve the evidence of a ransomware attack and carry out a detailed forensics investigation without impeding the processes required for business continuity and data restoration. Your Edmonton organization can use Progent's ransomware forensics documentation to counter subsequent ransomware attacks, assist in the cleanup of encrypted data, and meet insurance and regulatory mandates.
Ransomware forensics investigation involves determining and documenting the ransomware attack's storyline across the targeted network from beginning to end. This audit trail of how a ransomware assault travelled within the network helps your IT staff assess the impact and uncovers shortcomings in rules or work habits that need to be corrected to prevent future breaches. Forensics is commonly given a top priority by the insurance carrier and is often mandated by government and industry regulations. Since forensics can take time, it is critical that other important recovery processes such as business resumption are performed in parallel. Progent has a large team of information technology and data security professionals with the knowledge and experience required to perform the work of containment, operational continuity, and data recovery without disrupting forensic analysis.
Ransomware forensics analysis is time-consuming and calls for close cooperation with the groups focused on file restoration and, if needed, settlement talks with the ransomware Threat Actor (TA). Ransomware forensics typically involves the review of all logs, registry, GPO, AD, DNS, routers, firewalls, scheduled tasks, and basic Windows systems to check for changes.
Services involved with forensics investigation include:
- Detach all possibly affected devices from the network, but avoid shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring 2FA to protect your backups.
- Create forensically sound images of all suspect devices so the data recovery group can get started
- Preserve firewall, virtual private network, and additional key logs as quickly as feasible
- Identify the strain of ransomware involved in the assault
- Inspect each computer and data store on the network as well as cloud-hosted storage for signs of encryption
- Catalog all compromised devices
- Establish the type of ransomware used in the attack
- Review log activity and user sessions to determine the time frame of the assault and to spot any possible lateral movement from the originally infected machine
- Identify the security gaps used to perpetrate the ransomware attack
- Search for new executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Analyze attachments
- Extract URLs embedded in messages and check to see if they are malicious
- Provide extensive attack reporting to meet your insurance and compliance mandates
- Document recommended improvements to close security gaps and improve processes that reduce the risk of a future ransomware breach
Progent's Qualifications
Progent has provided remote and on-premises IT services throughout the United States for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts includes professionals who have earned advanced certifications in core technology platforms such as Cisco networking, VMware, and popular Linux distros. Progent's data security experts have earned prestigious certifications including CISA, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants.) Progent also offers guidance in financial management and ERP applications. This scope of skills allows Progent to identify and consolidate the surviving parts of your IT environment after a ransomware assault and reconstruct them rapidly into an operational network. Progent has collaborated with leading cyber insurance providers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Investigation Expertise in Edmonton
To learn more about how Progent can assist your Edmonton organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.