Overview of Progent's Ransomware Forensics Analysis and Reporting Services
Progent's ransomware forensics experts can capture the evidence of a ransomware attack and perform a comprehensive forensics analysis without interfering with the processes related to operational resumption and data restoration. You can utilize Progent's post-attack ransomware forensics documentation to combat subsequent ransomware assaults, assist in the restoration of lost data, and meet insurance carrier and regulatory mandates.
Ransomware forensics analysis involves tracking and describing the ransomware assault's progress throughout the targeted network from beginning to end. This history of the way a ransomware assault progressed through the network helps your IT staff to evaluate the damage and brings to light vulnerabilities in rules or processes that should be corrected to prevent later breaches. Forensic analysis is typically assigned a top priority by the insurance carrier and is typically mandated by state and industry regulations. Since forensic analysis can be time-consuming, it is essential that other key activities such as operational continuity are performed in parallel. Progent has an extensive roster of information technology and security professionals with the skills needed to carry out the work of containment, operational continuity, and data recovery without interfering with forensic analysis.
Ransomware forensics is complex and calls for close interaction with the teams assigned to file cleanup and, if necessary, payment negotiation with the ransomware hacker. Forensics typically requires the examination of all logs, registry, GPO, Active Directory, DNS servers, routers, firewalls, schedulers, and core Windows systems to check for variations.
Services associated with forensics investigation include:
- Isolate all potentially suspect devices from the system, but avoid shutting them down. This may involve closing all RDP ports and Internet-facing network-attached storage, modifying admin credentials and user passwords, and configuring two-factor authentication to guard your backups.
- Preserve forensically valid digital images of all suspect devices so your data recovery group can get started
- Save firewall, VPN, and additional critical logs as soon as feasible
- Determine the strain of ransomware involved in the attack
- Survey each machine and storage device on the network including cloud storage for signs of compromise
- Catalog all compromised devices
- Determine the type of ransomware involved in the attack
- Review logs and user sessions in order to determine the time frame of the assault and to identify any possible lateral movement from the first compromised machine
- Identify the attack vectors used to perpetrate the ransomware attack
- Search for the creation of executables surrounding the original encrypted files or network breach
- Parse Outlook web archives
- Examine attachments
- Extract any URLs from email messages and check to see if they are malicious
- Provide comprehensive incident reporting to satisfy your insurance and compliance requirements
- Document recommendations to shore up cybersecurity vulnerabilities and enforce processes that reduce the exposure to a future ransomware breach
Progent's Qualifications
Progent has provided remote and on-premises IT services across the U.S. for over two decades and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's team of SMEs includes consultants who have earned high-level certifications in foundation technology platforms including Cisco networking, VMware virtualization, and major Linux distros. Progent's cybersecurity experts have earned prestigious certifications such as CISA, CISSP, CRISC, and CMMC 2.0. (See Progent's certifications). Progent also offers guidance in financial and ERP application software. This scope of expertise gives Progent the ability to salvage and integrate the surviving pieces of your information system after a ransomware assault and rebuild them rapidly into a viable network. Progent has worked with leading insurance carriers like Chubb to help businesses recover from ransomware attacks.
Contact Progent about Progent's Ransomware Forensics Investigation Services
To find out more about how Progent can assist you with ransomware forensics, call 1-800-462-8800 or visit Contact Progent.