Overview of Progent's Ransomware Forensics and Reporting Services
Progent's ransomware forensics experts can preserve the evidence of a ransomware assault and perform a detailed forensics analysis without interfering with the processes related to operational resumption and data restoration. You can use Progent's post-attack ransomware forensics documentation to block future ransomware attacks, validate the restoration of lost data, and comply with insurance carrier and regulatory mandates.
Ransomware forensics analysis is aimed at determining and documenting the ransomware assault's storyline across the targeted network from start to finish. This history of how a ransomware assault travelled within the network helps you evaluate the damage and brings to light shortcomings in rules or processes that need to be corrected to avoid later break-ins. Forensic analysis is typically assigned a top priority by the cyber insurance carrier and is usually mandated by government and industry regulations. Since forensic analysis can take time, it is vital that other important activities like operational continuity are pursued concurrently. Progent maintains an extensive team of information technology and cybersecurity experts with the knowledge and experience needed to carry out activities for containment, business continuity, and data restoration without interfering with forensics.
Ransomware forensics investigation is complex and calls for close cooperation with the teams assigned to file restoration and, if needed, settlement negotiation with the ransomware Threat Actor (TA). Forensics can involve the examination of logs, the registry, Group Policy Objects, Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to look for changes.
Activities involved with forensics investigation include:
- Disconnect all potentially impacted devices from the network, but avoid shutting them down. This can involve closing all Remote Desktop Protocol (RDP) ports and Internet-facing NAS storage, changing admin credentials and user passwords, and configuring 2FA to guard your backups.
- Create forensically sound images of all exposed devices so your data restoration team can proceed
- Save firewall, virtual private network, and other critical logs as quickly as feasible
- Identify the variety of ransomware used in the attack
- Examine each computer and data store on the system as well as cloud-hosted storage for indications of compromise
- Inventory all compromised devices
- Establish the kind of ransomware involved in the attack
- Study logs and user sessions to determine the time frame of the ransomware attack and to spot any possible lateral movement from the first infected machine
- Understand the security gaps used to perpetrate the ransomware assault
- Look for new executables surrounding the first encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Extract URLs embedded in messages and determine if they are malicious
- Produce detailed incident documentation to meet your insurance and compliance regulations
- Document recommendations to shore up cybersecurity vulnerabilities and improve processes that reduce the risk of a future ransomware exploit
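As an added illustration of the timeline steps listed above (locating the first encrypted files, ordering hosts by when encryption appeared on each, and flagging executables written shortly before or after that moment), the following Python script is example code, not Progent's own tooling; the file records, host names and the `.locked` suffix are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed file-metadata records (host, path, last-write time) in the shape a forensic
# image export might give. The ".locked" suffix is a hypothetical stand-in for whatever
# extension a real variant appends; nothing here comes from a real incident.
SAMPLE_FILES = [
    {"host": "WS-01", "path": r"C:\Users\alice\AppData\Local\Temp\update.exe", "mtime": "2024-05-14T02:05:10"},
    {"host": "WS-01", "path": r"C:\Users\alice\Documents\q3.xlsx.locked", "mtime": "2024-05-14T02:17:40"},
    {"host": "WS-01", "path": r"C:\Users\alice\Downloads\invoice.pdf.locked", "mtime": "2024-05-14T02:17:45"},
    {"host": "WS-01", "path": r"C:\Windows\System32\notepad.exe", "mtime": "2023-11-02T09:00:00"},
    {"host": "FS-01", "path": r"C:\Windows\Temp\svc.ps1", "mtime": "2024-05-14T02:30:12"},
    {"host": "FS-01", "path": r"D:\Shares\finance\budget.docx.locked", "mtime": "2024-05-14T02:41:03"},
    {"host": "WS-02", "path": r"C:\Users\bob\Desktop\notes.txt", "mtime": "2024-05-14T03:00:00"},
]
ENCRYPTED_SUFFIX = ".locked"
EXEC_SUFFIXES = (".exe", ".dll", ".ps1", ".bat", ".vbs")


def _ts(rec):
    return datetime.fromisoformat(rec["mtime"])


def first_encryption(files, suffix=ENCRYPTED_SUFFIX):
    """Earliest last-write time among files carrying the ransomware suffix, or None."""
    times = [_ts(f) for f in files if f["path"].lower().endswith(suffix)]
    return min(times) if times else None


def spread_order(files, suffix=ENCRYPTED_SUFFIX):
    """Hosts ordered by when encryption first appeared on each: a rough lateral-movement sequence."""
    earliest = {}
    for f in files:
        if f["path"].lower().endswith(suffix):
            t = _ts(f)
            if f["host"] not in earliest or t < earliest[f["host"]]:
                earliest[f["host"]] = t
    return sorted(earliest.items(), key=lambda kv: kv[1])


def executables_near(files, pivot, window=timedelta(minutes=30)):
    """Executable artifacts written within +/- window of the pivot time, oldest first."""
    hits = [f for f in files
            if f["path"].lower().endswith(EXEC_SUFFIXES) and abs(_ts(f) - pivot) <= window]
    return [f["path"] for f in sorted(hits, key=_ts)]


if __name__ == "__main__":
    pivot = first_encryption(SAMPLE_FILES)
    print("first encryption:", pivot)
    for host, t in spread_order(SAMPLE_FILES):
        print(f"  {t}  {host}")
    print("executables near pivot:", executables_near(SAMPLE_FILES, pivot))
```

On real evidence the records would come from a forensic image rather than an inline list, and the executables this flags are candidates for hashing and review, not verdicts.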
Progent has delivered online and onsite network services throughout the United States for over 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded high-level certifications in core technologies such as Cisco infrastructure, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP-ISSAP, and GIAC. (See Progent's certifications). Progent also has expertise in financial and Enterprise Resource Planning software. This broad array of expertise gives Progent the ability to identify and consolidate the undamaged parts of your IT environment following a ransomware assault and reconstruct them rapidly into an operational system. Progent has collaborated with leading cyber insurance carriers like Chubb to help organizations recover from ransomware attacks.
Contact Progent about Progent's Ransomware Forensics Expertise
To learn more about ways Progent can help your business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.