Overview of Progent's Ransomware Forensics and Reporting Services
Progent's ransomware forensics consultants can preserve the system state after a ransomware assault and carry out a detailed forensics analysis without interfering with the processes required for operational resumption and data restoration. You can use Progent's post-attack ransomware forensics report to block future ransomware assaults, assist in the restoration of encrypted data, and meet insurance and governmental mandates.
Ransomware forensics involves tracking and documenting the ransomware attack's progress across the targeted network from start to finish. This history of the way a ransomware assault progressed within the network helps your IT staff to assess the impact and brings to light shortcomings in security policies or processes that need to be corrected to avoid later break-ins. Forensics is usually given a top priority by the cyber insurance provider and is typically mandated by state and industry regulations. Because forensic analysis can be time consuming, it is vital that other important recovery processes such as operational continuity are performed in parallel. Progent maintains an extensive team of information technology and security professionals with the skills needed to carry out the work of containment, operational resumption, and data recovery without disrupting forensics.
Ransomware forensics is complicated and requires intimate interaction with the teams assigned to data cleanup and, if needed, settlement discussions with the ransomware Threat Actor. Ransomware forensics can involve the review of all logs, registry, Group Policy Object (GPO), Active Directory (AD), DNS, routers, firewalls, schedulers, and core Windows systems to detect changes.
Services involved with forensics investigation include:
- Disconnect all possibly affected devices from the network without shutting them down. This can require closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and configuring 2FA to secure your backups.
- Copy forensically sound digital images of all suspect devices so the data restoration team can get started
- Preserve firewall, virtual private network, and additional critical logs as soon as possible
- Establish the kind of ransomware used in the assault
- Examine every computer and storage device on the system including cloud storage for indications of encryption
- Catalog all encrypted devices
- Review logs and user sessions in order to establish the timeline of the attack and to identify any possible lateral movement from the originally compromised system
- Identify the security gaps used to perpetrate the ransomware assault
- Look for new executables associated with the first encrypted files or network compromise
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in messages and check whether they are malicious
- Provide detailed attack reporting to meet your insurance and compliance regulations
- List recommendations to close cybersecurity gaps and improve processes that lower the exposure to a future ransomware breach
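As an added illustration of the timeline and "new executables" steps listed above (example code written for this page, not Progent's own tooling), the script below takes file-creation events exported from forensic images, finds the first encrypted file on each host to show the order in which encryption spread, and lists executables written shortly before that moment as dropper or encryptor candidates. The event rows, host names and the `.locked` extension are constructed placeholders.

```python
from datetime import datetime, timedelta

# Constructed sample of file-creation events from images of two hosts:
# (host, creation time in UTC, path). Not data from a real incident.
SAMPLE_EVENTS = [
    ("HOST-A", "2023-11-02T03:41:10", r"C:\Windows\System32\notepad.exe"),
    ("HOST-A", "2024-03-01T08:15:00", r"C:\Users\jdoe\Downloads\invoice.pdf"),
    ("HOST-A", "2024-03-01T08:17:30", r"C:\Users\jdoe\AppData\Local\Temp\upd.exe"),
    ("HOST-A", "2024-03-01T08:20:05", r"C:\Users\jdoe\Documents\q1.xlsx.locked"),
    ("HOST-A", "2024-03-01T08:21:00", r"C:\Users\jdoe\Documents\README_RESTORE.txt"),
    ("HOST-B", "2024-03-01T08:34:12", r"C:\PerfLogs\svc.exe"),
    ("HOST-B", "2024-03-01T08:36:40", r"D:\Shares\Finance\ledger.accdb.locked"),
]

# Placeholder extension used by the sample; substitute the one seen in the case.
ENCRYPTED_SUFFIXES = (".locked",)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".ps1", ".bat", ".vbs")


def parse_events(rows):
    """Turn (host, iso_time, path) tuples into dicts sorted by creation time."""
    parsed = [{"host": h, "ts": datetime.fromisoformat(t), "path": p} for h, t, p in rows]
    return sorted(parsed, key=lambda e: e["ts"])


def first_encryption_per_host(events, suffixes=ENCRYPTED_SUFFIXES):
    """Earliest encrypted-file creation on each host, ordered by time.
    The first entry is the likely patient zero; later hosts show the spread."""
    first = {}
    for e in events:
        if e["path"].lower().endswith(suffixes) and e["host"] not in first:
            first[e["host"]] = e
    return sorted(first.values(), key=lambda e: e["ts"])


def new_executables_before(events, host, cutoff, window=timedelta(hours=1),
                           suffixes=EXECUTABLE_SUFFIXES):
    """Executables created on `host` within `window` before `cutoff`: candidates
    for the payload that preceded the first encrypted file on that host."""
    return [e["path"] for e in events
            if e["host"] == host and e["path"].lower().endswith(suffixes)
            and cutoff - window <= e["ts"] < cutoff]


def build_timeline(rows):
    """Return (spread, suspects): encryption onset per host and per-host executables."""
    events = parse_events(rows)
    spread = first_encryption_per_host(events)
    suspects = {e["host"]: new_executables_before(events, e["host"], e["ts"]) for e in spread}
    return spread, suspects


if __name__ == "__main__":
    spread, suspects = build_timeline(SAMPLE_EVENTS)
    for e in spread:
        print(f"{e['ts'].isoformat()} {e['host']} first encrypted: {e['path']}")
        for p in suspects[e["host"]]:
            print(f"    executable created shortly before: {p}")
```

Long-lived system binaries such as the sample's notepad.exe fall outside the window and are not reported; widen the window or add other artefact sources (prefetch, scheduled tasks) for a fuller picture.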
Progent has provided remote and on-premises IT services across the U.S. for over 20 years and has been awarded Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SBEs includes consultants who have earned advanced certifications in foundation technologies including Cisco networking, VMware virtualization, and major Linux distros. Progent's data security experts have earned internationally recognized certifications such as CISA, CISSP, and GIAC. (See certifications earned by Progent consultants). Progent also offers expertise in financial and Enterprise Resource Planning application software. This breadth of skills allows Progent to salvage and integrate the surviving pieces of your IT environment after a ransomware attack and reconstruct them quickly into a viable network. Progent has worked with top insurance providers including Chubb to help businesses clean up after ransomware attacks.
Contact Progent about Progent's Ransomware Forensics Investigation Expertise
To learn more about ways Progent can help your business with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.