Progent's Ransomware Forensics Analysis and Reporting
Progent's ransomware forensics consultants can preserve the system state after a ransomware attack and carry out a detailed forensics analysis without interfering with activity required for operational resumption and data restoration. You can utilize Progent's forensics report to combat subsequent ransomware assaults, assist in the recovery of lost data, and comply with insurance and regulatory mandates.
Ransomware forensics analysis involves determining and describing the ransomware attack's progress across the targeted network from start to finish. This audit trail of how a ransomware assault travelled through the network helps you evaluate the damage and uncovers vulnerabilities in policies or processes that should be corrected to avoid future break-ins. Forensics is typically assigned a high priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Since forensic analysis can take time, it is vital that other important recovery processes such as business resumption are performed in parallel. Progent has an extensive roster of information technology and security experts with the knowledge and experience required to carry out activities for containment, business resumption, and data recovery without disrupting forensics.
Ransomware forensics is complex and calls for close coordination with the groups assigned to data recovery and, if needed, settlement negotiation with the ransomware attacker. Ransomware forensics can involve the review of logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to detect changes.
Services involved with forensics analysis include:
- Isolate all potentially affected devices from the system, but avoid shutting them down. This can require closing all RDP ports and Internet-facing network-attached storage, changing admin credentials and user passwords, and implementing two-factor authentication to guard your backups.
- Capture forensically valid images of all exposed devices so the file restoration group can proceed
- Preserve firewall, virtual private network, and other critical logs as soon as feasible
- Identify the kind of ransomware used in the assault
- Inspect every machine and storage device on the system including cloud-hosted storage for signs of compromise
- Inventory all compromised devices
- Review logs and user sessions in order to determine the time frame of the ransomware attack and to spot any possible lateral movement from the originally compromised system
- Identify the attack vectors exploited to carry out the ransomware assault
- Look for the creation of executables associated with the first encrypted files or system breach
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from messages and determine whether they are malicious
- Produce extensive incident documentation to satisfy your insurance carrier and compliance mandates
- List recommended improvements to shore up security vulnerabilities and enforce workflows that lower the risk of a future ransomware exploit
Progent has delivered online and onsite IT services across the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's roster of SMEs includes consultants who have earned advanced certifications in foundation technologies such as Cisco networking, VMware, and major distributions of Linux. Progent's data security experts have earned industry-recognized certifications such as CISM, CISSP, and GIAC. Progent also offers top-tier support in financial management and ERP applications. This broad array of skills gives Progent the ability to identify and integrate the undamaged pieces of your information system after a ransomware intrusion and rebuild them rapidly into a functioning network. Progent has collaborated with top cyber insurance providers including Chubb to help businesses recover from ransomware assaults.
Contact Progent about Progent's Ransomware Forensics Analysis Expertise
To find out more about how Progent can help you with ransomware forensics, call 1-800-462-8800 or see Contact Progent.