Overview of Progent's Ransomware Forensics and Reporting Services in Fort Myers
Progent's ransomware forensics experts can preserve the evidence of a ransomware attack and perform a detailed forensics investigation without impeding the processes required for business resumption and data recovery. Your Fort Myers organization can utilize Progent's post-attack forensics report to combat subsequent ransomware attacks, assist in the cleanup of lost data, and comply with insurance carrier and governmental mandates.
Ransomware forensics investigation is aimed at discovering and documenting the ransomware assault's progress across the network from start to finish. This audit trail of the way a ransomware attack travelled within the network helps you to assess the impact and uncovers vulnerabilities in security policies or work habits that should be corrected to prevent later break-ins. Forensic analysis is usually given a top priority by the insurance provider and is typically mandated by state and industry regulations. Since forensic analysis can be time-consuming, it is critical that other key activities like business resumption are performed concurrently. Progent has a large roster of information technology and security professionals with the skills required to carry out activities for containment, operational resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is complex and calls for close coordination with the groups responsible for data restoration and, if needed, payment negotiations with the ransomware threat actor. Ransomware forensics can involve the examination of logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and core Windows systems to look for changes.
Services involved with forensics investigation include:
- Disconnect all possibly affected devices from the network, but avoid shutting them off. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-facing network-attached storage, modifying admin credentials and user passwords, and implementing two-factor authentication to secure backups.
- Capture forensically sound images of all exposed devices so your file recovery team can get started
- Preserve firewall, VPN, and other key logs as quickly as possible
- Identify the strain of ransomware used in the attack
- Survey every machine and storage device on the system as well as cloud-hosted storage for signs of compromise
- Inventory all encrypted devices
- Establish the type of ransomware used in the attack
- Review logs and user sessions to determine the time frame of the ransomware assault and to spot any potential lateral movement from the originally compromised system
- Identify the attack vectors exploited to perpetrate the ransomware assault
- Look for executables created around the time of the first encrypted files or the initial system compromise
- Parse Outlook PST files
- Examine email attachments
- Extract any URLs embedded in messages and determine whether they are malicious
- Produce detailed attack documentation to satisfy your insurance carrier and compliance requirements
- List recommendations to close security vulnerabilities and improve workflows that reduce the risk of a future ransomware exploit
Progent has provided remote and on-premises IT services throughout the United States for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and major distributions of Linux. Progent's data security experts have earned internationally recognized certifications including CISM, CISSP-ISSAP, and GIAC. (Refer to certifications earned by Progent consultants.) Progent also has top-tier support in financial and Enterprise Resource Planning applications. This scope of expertise allows Progent to salvage and integrate the surviving parts of your information system following a ransomware assault and rebuild them quickly into a viable network. Progent has worked with leading cyber insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in Fort Myers
To find out more information about ways Progent can assist your Fort Myers organization with ransomware forensics investigation, call 1-800-993-9400 or see Contact Progent.