Overview of Progent's Ransomware Forensics Analysis and Reporting in Grand Rapids
Progent's ransomware forensics experts can capture the system state after a ransomware attack and perform a detailed forensics analysis without disrupting activity related to operational continuity and data restoration. Your Grand Rapids organization can use Progent's forensics documentation to block subsequent ransomware attacks, assist in the recovery of lost data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics is aimed at tracking and describing the ransomware attack's storyline across the network from beginning to end. This history of how a ransomware assault progressed through the network assists you to evaluate the impact and brings to light weaknesses in security policies or processes that need to be corrected to prevent future break-ins. Forensic analysis is typically given a high priority by the cyber insurance provider and is often mandated by state and industry regulations. Because forensic analysis can be time consuming, it is essential that other important recovery processes like operational resumption are performed concurrently. Progent has an extensive roster of information technology and cybersecurity professionals with the skills needed to perform the work of containment, business resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics analysis is complex and calls for close cooperation with the teams assigned to data restoration and, if needed, settlement talks with the ransomware adversary. Forensics can involve the examination of all logs, the registry, GPOs, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and baseline Windows system components to detect anomalies.
Activities involved with forensics analysis include:
- Disconnect all potentially affected devices from the network without powering them down, so that volatile evidence such as memory contents is preserved. This can require closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and setting up 2FA to secure your backups.
- Capture forensically sound disk images of all suspect devices so your data restoration team can proceed on the copies while the originals are preserved
- Save firewall, VPN, and other key logs as quickly as feasible
- Survey each machine and data store on the system as well as cloud storage for signs of compromise
- Inventory all encrypted devices
- Determine the type of ransomware involved in the attack
- Review log activity and user sessions in order to establish the time frame of the attack and to identify any lateral movement from the initially compromised machine to other systems
- Identify the security gaps exploited to perpetrate the ransomware attack
- Search for new executables created on the affected systems shortly before the first encrypted files appeared or the initial compromise occurred
- Parse Outlook web archives
- Analyze email attachments
- Extract any URLs embedded in email messages and check whether they are malicious
- Produce detailed attack documentation to satisfy your insurance and compliance regulations
- Document recommended improvements to shore up cybersecurity vulnerabilities and enforce workflows that lower the exposure to a future ransomware breach
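The timeline, lateral-movement and new-executable steps above can be illustrated with a small script. The following is an added example and is not Progent's tooling or code from this page: it works over a handful of constructed, Windows-style event records (all hostnames, users, addresses, paths, timestamps and the `.locked` extension are made up), and the heuristics it uses to pick the initial foothold and to flag executables are simplifications chosen for the example, not an established forensic standard.

```python
"""
Added example: rebuild a ransomware attack timeline from constructed event
records, then (a) locate the first encrypted file, (b) list executables that
appeared on any host shortly before it, and (c) list logons that fan out from
the initially compromised host (lateral movement). Everything below is
constructed sample data; it is not real log output.
"""
from datetime import datetime, timedelta

# Constructed records: (ISO timestamp, host, event kind, details).
# "logon": user, src (where the logon came from), type (Windows logon type)
# "proc_create": image (path of the new process)
# "file_create": path (file written to disk)
EVENTS = [
    ("2024-03-01T02:10:00", "WS-17", "logon", {"user": "jdoe", "src": "203.0.113.5", "type": 10}),
    ("2024-03-01T02:12:30", "WS-17", "proc_create", {"image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc_update.exe"}),
    ("2024-03-01T02:14:00", "WS-17", "proc_create", {"image": "C:\\Windows\\System32\\cmd.exe"}),
    ("2024-03-01T02:20:00", "FS-01", "logon", {"user": "jdoe", "src": "WS-17", "type": 10}),
    ("2024-03-01T02:22:00", "FS-01", "proc_create", {"image": "C:\\ProgramData\\enc.exe"}),
    ("2024-03-01T02:25:00", "FS-01", "file_create", {"path": "D:\\Shares\\Finance\\Q1.xlsx.locked"}),
    ("2024-03-01T02:25:05", "FS-01", "file_create", {"path": "D:\\Shares\\Finance\\README_RESTORE.txt"}),
    ("2024-03-01T02:40:00", "DC-01", "logon", {"user": "jdoe", "src": "WS-17", "type": 3}),
    ("2024-03-01T08:00:00", "WS-22", "logon", {"user": "asmith", "src": "10.0.0.9", "type": 2}),
]

# Constructed extension for this example; real families use their own.
ENCRYPTED_SUFFIXES = (".locked",)
# Processes under the Windows directory are treated as baseline and skipped.
BASELINE_PREFIX = "c:\\windows\\"


def parse_ts(s):
    return datetime.fromisoformat(s)


def sorted_events(events):
    # ISO-8601 timestamps sort correctly as strings.
    return sorted(events, key=lambda e: e[0])


def initial_access_host(events):
    """Hypothetical heuristic: the earliest logon whose source is not a host
    that appears anywhere else in the records is taken as the first foothold."""
    known_hosts = {host for _, host, _, _ in events}
    for _, host, kind, d in sorted_events(events):
        if kind == "logon" and d["src"] not in known_hosts:
            return host
    return None


def first_encryption(events):
    """Earliest file_create whose name carries a known ransomware extension,
    as (datetime, host, path), or None if nothing was encrypted."""
    hits = [(parse_ts(ts), host, d["path"])
            for ts, host, kind, d in events
            if kind == "file_create" and d["path"].lower().endswith(ENCRYPTED_SUFFIXES)]
    return min(hits) if hits else None


def suspect_executables(events, window=timedelta(minutes=30)):
    """Non-baseline process launches on any host within `window` before the
    first encrypted file appeared."""
    first = first_encryption(events)
    if first is None:
        return []
    t0 = first[0]
    out = []
    for ts, host, kind, d in sorted_events(events):
        if kind != "proc_create":
            continue
        t = parse_ts(ts)
        if t0 - window <= t <= t0 and not d["image"].lower().startswith(BASELINE_PREFIX):
            out.append((ts, host, d["image"]))
    return out


def lateral_movement(events, origin):
    """Logons to other hosts whose source is `origin`, in time order."""
    return [(ts, host, d["user"], d["type"])
            for ts, host, kind, d in sorted_events(events)
            if kind == "logon" and d["src"] == origin and host != origin]


def timeline(events):
    """Human-readable, time-ordered narrative of all records."""
    lines = []
    for ts, host, kind, d in sorted_events(events):
        detail = ", ".join(f"{k}={v}" for k, v in d.items())
        lines.append(f"{ts} {host:6} {kind:12} {detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(timeline(EVENTS)))
    origin = initial_access_host(EVENTS)
    print("initial foothold:", origin)
    print("first encryption:", first_encryption(EVENTS))
    print("suspect executables:", suspect_executables(EVENTS))
    print("lateral movement from", origin, ":", lateral_movement(EVENTS, origin))
```

Run against the constructed records, the script names WS-17 as the foothold, places the first encrypted file on FS-01 at 02:25, flags the two non-baseline executables launched in the preceding half hour (one on the foothold, one on the file server) and shows the foothold's account reaching FS-01 and then DC-01. In a real engagement the records would come from the preserved security, firewall and VPN logs, and the ransomware extension and baseline rules would be adjusted to the family and environment at hand.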
Progent's Qualifications
Progent has provided online and onsite IT services throughout the U.S. for over two decades and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts (SMEs) includes consultants who have been awarded advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's data security experts have earned prestigious certifications including CISM, CISSP-ISSAP, and CRISC. (See Progent's certifications). Progent also has top-tier support in financial management and Enterprise Resource Planning software. This scope of expertise allows Progent to salvage and consolidate the undamaged parts of your network following a ransomware attack and rebuild them quickly into an operational network. Progent has collaborated with top insurance providers including Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in Grand Rapids
To learn more about how Progent can assist your Grand Rapids organization with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.