Overview of Progent's Ransomware Forensics and Reporting
Progent's ransomware forensics experts can capture the evidence of a ransomware assault and carry out a comprehensive forensics investigation without slowing down the processes required for operational resumption and data restoration. You can utilize Progent's forensics documentation to block future ransomware attacks, validate the cleanup of encrypted data, and comply with insurance and governmental requirements.
Ransomware forensics analysis is aimed at discovering and describing the ransomware attack's progress across the network from beginning to end. This audit trail of how the attack traveled through the network helps your IT staff assess the damage and uncovers gaps in policies or work habits that must be corrected to prevent later break-ins. Forensic analysis is usually given a high priority by the insurance carrier and is typically required by state and industry regulations. Because forensic analysis can take time, it is essential that other key recovery processes such as business continuity are executed concurrently. Progent maintains a large team of information technology and security experts with the skills required to carry out the work of containment, business continuity, and data recovery without disrupting forensics.
Ransomware forensics is arduous and requires close interaction with the groups focused on file cleanup and, if needed, settlement discussions with the ransomware attacker. Ransomware forensics typically requires reviewing all logs, the registry, GPOs, Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows components to look for unexpected changes.
Services involved with forensics include:
- Disconnect all potentially affected devices from the network, but avoid powering them off. This may involve closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing 2FA to protect backups
- Create forensically sound images of all exposed devices so the data restoration team can proceed
- Preserve firewall, VPN, and other critical logs as quickly as possible
- Determine the variety of ransomware used in the attack
- Inspect each computer and storage device on the system as well as cloud storage for signs of encryption
- Catalog all compromised devices
- Determine the kind of ransomware involved in the assault
- Review log activity and sessions to determine the time frame of the ransomware attack and to identify any lateral movement from the originally infected machine
- Understand the attack vectors exploited to carry out the ransomware attack
- Look for new executables created around the time of the first encrypted files or the initial network compromise
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs embedded in email messages and check whether they lead to malware
- Provide detailed incident documentation to satisfy your insurance and compliance requirements
- Recommend measures to close cybersecurity gaps and improve processes in order to lower the risk of a future ransomware attack
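Three of the steps above (establishing the attack time frame, identifying lateral movement from the first infected machine, and looking for new executables around the first encrypted files) can be illustrated with a small timeline script. The following is an added example written for this page and is not Progent's tooling; the log format, the host-to-IP inventory, the ransom-note and encrypted-extension patterns, and every hostname, user, IP and path in the sample events are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample events (invented hosts, users, IPs and paths; not from any
# real incident). Format: "timestamp host kind key=value ...".
SAMPLE_EVENTS = r"""
2024-03-10T01:12:04 WS-17 logon type=10 user=jdoe src=203.0.113.44
2024-03-10T01:19:51 WS-17 process_create image=C:\Users\jdoe\AppData\Local\Temp\svch0st.exe
2024-03-10T01:25:30 FS-01 logon type=3 user=jdoe src=10.0.5.17
2024-03-10T01:26:02 FS-01 process_create image=C:\Windows\Temp\enc.exe
2024-03-10T01:27:15 FS-01 file_create path=D:\Shares\Finance\README_DECRYPT.txt
2024-03-10T01:27:16 FS-01 file_rename path=D:\Shares\Finance\q1.xlsx.locked
2024-03-10T01:31:44 DC-01 logon type=3 user=jdoe src=10.0.5.17
2024-03-10T02:05:00 WS-22 logon type=2 user=asmith src=-
"""

# Constructed host inventory: internal IP -> hostname, so that a network logon
# can be attributed to the machine it came from.
HOST_IPS: Dict[str, str] = {"10.0.5.17": "WS-17", "10.0.5.20": "FS-01", "10.0.5.5": "DC-01"}

# Assumed encryption indicators: a ransom-note file name and a renamed-file extension.
RANSOM_NOTE_RE = re.compile(r"(readme|how_to|decrypt).*\.txt$", re.I)
ENCRYPTED_EXT_RE = re.compile(r"\.(locked|crypt|enc)$", re.I)
NETWORK_LOGON_TYPES = {"3", "10"}  # Windows logon types: network and RemoteInteractive (RDP)


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str
    fields: Dict[str, str] = field(default_factory=dict)


def parse_events(text: str) -> List[Event]:
    """Parse the constructed log format into Events sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, host, kind, *kv = line.split()
        fields = dict(tok.split("=", 1) for tok in kv if "=" in tok)
        events.append(Event(datetime.fromisoformat(ts), host, kind, fields))
    return sorted(events, key=lambda e: e.ts)


def first_encryption(events: List[Event]) -> Optional[Event]:
    """Earliest event that looks like encryption: a ransom note or an encrypted-extension rename."""
    for e in events:
        path = e.fields.get("path", "")
        if e.kind == "file_create" and RANSOM_NOTE_RE.search(path):
            return e
        if e.kind == "file_rename" and ENCRYPTED_EXT_RE.search(path):
            return e
    return None


def lateral_movement(events: List[Event]) -> List[Tuple[datetime, str, str, str]]:
    """Chain network logons whose source IP belongs to a host already touched by the attacker.

    A network logon from an IP outside the inventory is treated as a possible
    initial foothold and seeds the set of touched hosts.
    """
    touched = set()
    hops = []
    for e in events:
        if e.kind != "logon" or e.fields.get("type") not in NETWORK_LOGON_TYPES:
            continue
        src_host = HOST_IPS.get(e.fields.get("src", ""))
        if src_host is None:
            touched.add(e.host)  # external source: candidate initial foothold
        elif src_host in touched:
            hops.append((e.ts, src_host, e.host, e.fields.get("user", "?")))
            touched.add(e.host)
    return hops


def new_executables_before(events: List[Event], anchor: Event,
                           window: timedelta = timedelta(minutes=30)) -> List[Tuple[datetime, str, str]]:
    """Executables dropped or launched in the window leading up to the first encryption."""
    lo = anchor.ts - window
    hits = []
    for e in events:
        img = e.fields.get("image") or e.fields.get("path", "")
        if lo <= e.ts <= anchor.ts and e.kind in ("process_create", "file_create") and img.lower().endswith(".exe"):
            hits.append((e.ts, e.host, img))
    return hits


def summarize(events: List[Event]) -> Dict[str, object]:
    """Attack time frame and counts suitable for an incident report."""
    anchor = first_encryption(events)
    external = [e for e in events if e.kind == "logon"
                and e.fields.get("type") in NETWORK_LOGON_TYPES
                and e.fields.get("src", "") not in HOST_IPS]
    return {
        "initial_foothold": external[0].ts if external else None,
        "first_encryption": anchor.ts if anchor else None,
        "lateral_hops": len(lateral_movement(events)),
        "dropped_executables": len(new_executables_before(events, anchor)) if anchor else 0,
    }


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for key, value in summarize(evs).items():
        print(f"{key}: {value}")
    for ts, src, dst, user in lateral_movement(evs):
        print(f"{ts.isoformat()} lateral movement {src} -> {dst} as {user}")
```

The host inventory is what turns a bare source IP into a hop between named machines; in a real engagement it comes from DHCP leases, asset records or Active Directory, and the indicator patterns come from the strain identified in the earlier step.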
Progent's Qualifications
Progent has provided remote and on-premises IT services across the United States for more than 20 years and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of subject matter experts includes consultants who have earned high-level certifications in core technology platforms including Cisco infrastructure, VMware, and major Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISM, CISSP, GIAC, and CMMC 2.0. (Refer to certifications earned by Progent consultants.) Progent also has expertise in financial and Enterprise Resource Planning application software. This breadth of expertise gives Progent the ability to salvage and consolidate the surviving parts of your information system after a ransomware assault and rebuild them rapidly into a viable network. Progent has collaborated with top insurance carriers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Progent's Ransomware Forensics Investigation Services
To find out more information about ways Progent can assist you with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.