Progent's Ransomware Forensics Analysis and Reporting in Kansas City
Progent's ransomware forensics consultants can preserve the evidence of a ransomware assault and carry out a comprehensive forensics analysis without slowing down the processes related to business resumption and data recovery. Your Kansas City business can use Progent's post-attack forensics report to combat future ransomware assaults, validate the restoration of lost data, and comply with insurance carrier and regulatory requirements.
Ransomware forensics analysis involves discovering and documenting the ransomware assault's storyline throughout the network from beginning to end. This audit trail of the way a ransomware attack progressed through the network helps you to assess the impact and uncovers weaknesses in policies or processes that need to be corrected to avoid later break-ins. Forensic analysis is typically given a high priority by the cyber insurance carrier and is typically mandated by government and industry regulations. Because forensic analysis can be time consuming, it is essential that other important activities such as business resumption are pursued concurrently. Progent maintains a large roster of IT and data security professionals with the knowledge and experience needed to carry out the work of containment, business resumption, and data recovery without interfering with forensic analysis.
Ransomware forensics analysis is complex and requires close interaction with the teams focused on file restoration and, if necessary, payment discussions with the ransomware attacker. Ransomware forensics typically involves reviewing logs, the registry, Group Policy Objects (GPOs), Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to check for anomalies.
Activities involved with forensics include:
- Detach all possibly suspect devices from the system without shutting them off. This can involve closing all RDP ports and Internet-facing NAS storage, modifying admin credentials and user passwords, and setting up two-factor authentication to protect backups.
- Capture forensically complete digital images of all suspect devices so the file restoration team can proceed
- Save firewall, virtual private network, and other critical logs as quickly as feasible
- Identify the variety of ransomware involved in the attack
- Survey each computer and storage device on the network including cloud storage for indications of compromise
- Catalog all compromised devices
- Establish the kind of ransomware involved in the assault
- Review logs and user sessions in order to establish the timeline of the ransomware attack and to spot any possible lateral movement from the originally compromised system
- Understand the security gaps exploited to carry out the ransomware assault
- Look for new executables associated with the original encrypted files or system compromise
- Parse Outlook web archives
- Examine email attachments
- Extract URLs from messages and check to see whether they are malicious
- Provide extensive incident documentation to satisfy your insurance and compliance requirements
- Document recommended improvements to close cybersecurity gaps and improve processes that reduce the exposure to a future ransomware exploit
Progent's Qualifications
Progent has provided remote and on-premises IT services across the United States for over 20 years and has earned Microsoft's Partner certification in the Datacenter and Cloud Productivity competencies. Progent's team of SMEs includes professionals who have been awarded advanced certifications in core technologies including Cisco infrastructure, VMware virtualization, and major distributions of Linux. Progent's data security consultants have earned internationally recognized certifications including CISA, CISSP-ISSAP, and GIAC. (See certifications earned by Progent consultants). Progent also offers guidance in financial and Enterprise Resource Planning application software. This broad array of expertise gives Progent the ability to identify and integrate the surviving parts of your information system following a ransomware attack and rebuild them quickly into an operational system. Progent has collaborated with leading cyber insurance carriers like Chubb to help organizations recover from ransomware assaults.
Contact Progent about Ransomware Forensics Analysis Expertise in Kansas City
To find out more information about how Progent can assist your Kansas City organization with ransomware forensics analysis, call 1-800-462-8800 or visit Contact Progent.