Progent's Ransomware Forensics Investigation and Reporting Services
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and perform a comprehensive forensics analysis without disrupting activity related to business resumption and data recovery. You can utilize Progent's forensics report to block subsequent ransomware attacks, assist in the cleanup of lost data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics analysis is aimed at discovering and documenting the ransomware assault's progress throughout the network from start to finish. This history of how a ransomware attack travelled through the network helps your IT staff evaluate the damage and brings to light vulnerabilities in policies or processes that need to be rectified to avoid later breaches. Forensics is typically given a high priority by the insurance carrier and is typically mandated by government and industry regulations. Because forensic analysis can be time-consuming, it is critical that other key activities like business continuity are pursued concurrently. Progent maintains an extensive roster of IT and cybersecurity professionals with the skills needed to perform the work of containment, business resumption, and data restoration without interfering with forensic analysis.
Ransomware forensics analysis is complex and requires close interaction with the teams responsible for file cleanup and, if needed, settlement discussions with the ransomware hacker. Ransomware forensics can require the review of logs, registry, Group Policy Object (GPO), Active Directory, DNS, routers, firewalls, scheduled tasks, and core Windows systems to look for changes.
Services associated with forensics analysis include:
- Isolate all potentially suspect devices from the network without shutting them down. This may involve closing all RDP ports and Internet-facing NAS storage, changing admin credentials and user passwords, and setting up two-factor authentication to secure your backups.
- Create forensically sound images of all suspect devices so the file restoration team can get started
- Preserve firewall, VPN, and additional critical logs as quickly as feasible
- Identify the strain of ransomware involved in the attack
- Examine every machine and data store on the network including cloud-hosted storage for indications of compromise
- Inventory all encrypted devices
- Establish the kind of ransomware used in the assault
- Study log activity and sessions to establish the timeline of the ransomware assault and to identify any potential lateral movement from the first compromised machine
- Identify the attack vectors exploited to carry out the ransomware attack
- Search for executables created around the original encrypted files or the network compromise
- Parse Outlook PST files
- Analyze attachments
- Extract any URLs from messages and determine whether they are malicious
- Provide detailed incident reporting to meet your insurance carrier and compliance mandates
- Suggest recommended improvements to close cybersecurity gaps and improve processes that lower the risk of a future ransomware breach
Progent's Background
Progent has delivered online and onsite IT services across the U.S. for over 20 years and has been awarded Microsoft's Partner designation in the Datacenter and Cloud Productivity competencies. Progent's team of subject matter experts (SMEs) includes professionals who have earned advanced certifications in foundation technology platforms including Cisco networking, VMware virtualization, and popular distributions of Linux. Progent's cybersecurity experts have earned industry-recognized certifications such as CISM, CISSP, CRISC, and CMMC 2.0. Progent also offers guidance in financial and ERP software. This scope of expertise gives Progent the ability to salvage and consolidate the surviving pieces of your network after a ransomware attack and rebuild them rapidly into a functioning system. Progent has collaborated with leading cyber insurance carriers like Chubb to help businesses clean up after ransomware assaults.
Contact Progent about Progent's Ransomware Forensics Analysis Expertise
To learn more about how Progent can assist your business with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.