Overview of Progent's Ransomware Forensics Analysis and Reporting Services in San Jose
Progent's ransomware forensics consultants can preserve the evidence of a ransomware attack and perform a detailed forensic investigation without disrupting the processes required for business continuity and data recovery. Your San Jose business can use Progent's post-attack ransomware forensics report to defend against future ransomware attacks, support the recovery of lost data, and comply with insurance and regulatory reporting requirements.
Ransomware forensics investigation is aimed at reconstructing and documenting the attack's timeline across the network from initial access to final impact. This audit trail of how the attack progressed within the network helps your IT staff evaluate the damage and uncovers shortcomings in security policies or processes that must be corrected to prevent future breaches. Forensic analysis is typically assigned a top priority by the cyber insurance carrier and is often mandated by state and industry regulations. Because forensic analysis can be time consuming, other key activities such as operational resumption must proceed concurrently. Progent maintains an extensive team of information technology and data security professionals with the skills required to perform containment, business continuity, and data recovery without disrupting the forensic analysis.
Ransomware forensics analysis is demanding and calls for close cooperation with the teams responsible for file recovery and, if necessary, settlement negotiation with the ransomware threat actor. Ransomware forensics typically involves examining all available logs, the registry, Group Policy Objects, Active Directory, DNS servers, routers, firewalls, scheduled tasks, and core Windows system files to look for changes.
Activities associated with forensics investigation include:
- Disconnect all possibly affected devices from the network, but do not power them off, since shutting down destroys volatile evidence such as memory contents. This can involve closing all Remote Desktop Protocol (RDP) exposure and Internet-facing NAS storage, changing admin credentials and user passwords, and enabling 2FA to protect your backups.
- Take forensically sound images of all suspect devices so that analysis can proceed on the copies while the data recovery team works on restoration
- Save firewall, virtual private network, and additional critical logs as quickly as possible
- Identify the ransomware family and the specific variant or build used in the attack
- Inspect every machine and storage device on the network, as well as cloud-hosted storage, for signs of compromise
- Catalog all compromised devices
- Review log activity and sessions to determine the time frame of the attack and to identify any lateral movement from the initially compromised machine (patient zero)
- Understand the attack vectors used to carry out the ransomware attack
- Search for newly created executables around the time of the first encrypted files or the initial breach
- Parse Outlook PST files
- Examine attachments
- Extract any URLs embedded in email messages and determine whether they point to malicious content
- Provide comprehensive incident reporting to satisfy your insurance carrier and compliance mandates
- List recommendations to close security gaps and enforce processes that reduce the exposure to a future ransomware attack
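The steps above that deal with logs (determining the attack window, identifying lateral movement from patient zero, and cataloging compromised devices) are the ones an analyst can automate. The following is an added example written for this page, not Progent's own tooling. It assumes a CSV export of Windows Security logon events (event 4624 success, 4625 failure, with the logon type and source/destination host); the column names and the sample records are constructed for illustration and are not real data. Starting from a known patient zero, it walks the events in time order and only counts a hop as lateral movement when its source host was already compromised before the hop occurred, so a legitimate admin logging on to an already-compromised server from a clean workstation is not misclassified.

```python
"""Attack timeline and lateral-movement trace from constructed logon records.

Added example (not Progent's tooling). Input format is an assumption:
CSV with timestamp, event_id, logon_type, account, src_host, dst_host.
"""
import csv
import io
from datetime import datetime

# Constructed sample export; hosts, accounts and the public IP are fictitious.
SAMPLE_LOG = """timestamp,event_id,logon_type,account,src_host,dst_host
2024-03-01T02:10:05,4624,10,jdoe,203.0.113.45,WS-017
2024-03-01T02:31:40,4624,3,jdoe,WS-017,FS-01
2024-03-01T02:33:12,4624,10,svc_backup,WS-017,DC-01
2024-03-01T02:40:00,4624,3,svc_backup,DC-01,FS-02
2024-03-01T02:50:30,4624,3,alice,WS-022,FS-01
2024-03-01T03:05:22,4624,2,alice,WS-022,WS-022
2024-03-01T03:15:09,4624,3,svc_backup,FS-02,NAS-01
2024-03-01T03:50:41,4625,3,svc_backup,FS-02,HR-DB
"""

# Logon types that imply a remote session: 3 = network, 10 = RemoteInteractive (RDP).
REMOTE_LOGON_TYPES = {"3", "10"}


def parse_events(text):
    """Parse the CSV export and return the records sorted by timestamp."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
    return sorted(rows, key=lambda r: r["timestamp"])


def trace_lateral_movement(events, patient_zero):
    """Walk events in time order from patient_zero.

    Returns (compromised, hops, attempts):
      compromised: dict host -> datetime of first compromise (insertion order
                   is the order hosts were reached)
      hops:        successful remote logons originating from a compromised host
      attempts:    failed remote logons originating from a compromised host
    Each hop/attempt is (iso_timestamp, account, src_host, dst_host).
    """
    compromised = {}
    hops, attempts = [], []
    for e in events:
        if e["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # local/interactive logons are not lateral movement
        src, dst, t = e["src_host"], e["dst_host"], e["timestamp"]
        record = (t.isoformat(), e["account"], src, dst)
        # The initial access event: first successful remote logon into patient zero.
        if e["event_id"] == "4624" and dst == patient_zero and patient_zero not in compromised:
            compromised[dst] = t
            hops.append(record)
            continue
        # Only hops whose source was already compromised count; because events
        # are time-ordered, membership in `compromised` implies "compromised before now".
        if src not in compromised:
            continue
        if e["event_id"] == "4624":
            hops.append(record)
            compromised.setdefault(dst, t)
        elif e["event_id"] == "4625":
            attempts.append(record)
    return compromised, hops, attempts


def attack_window(hops, attempts):
    """Earliest and latest attacker activity seen in the trace."""
    stamps = [datetime.fromisoformat(r[0]) for r in hops + attempts]
    return min(stamps), max(stamps)


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    compromised, hops, attempts = trace_lateral_movement(events, "WS-017")
    start, end = attack_window(hops, attempts)
    print(f"Attack window: {start} to {end}")
    print("Compromised hosts (in order reached):", ", ".join(compromised))
    for ts, acct, src, dst in hops:
        print(f"  {ts}  {acct:<12} {src} -> {dst}")
    for ts, acct, src, dst in attempts:
        print(f"  {ts}  {acct:<12} {src} -> {dst}  (FAILED)")
```

On a real engagement the input would be exported from each host's Security log (for example with `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625}`), and the host list produced by the trace feeds the "catalog all compromised devices" step and the imaging queue. Note the failed logon into HR-DB in the sample: a failed hop from a compromised host still belongs in the report, because it shows where the attacker tried to go and which credentials they had.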
Progent has delivered online and on-premises network services across the United States for more than 20 years and has been awarded Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity practice areas. Progent's roster of subject matter experts includes consultants who have earned high-level certifications in foundation technologies such as Cisco networking, VMware, and popular distributions of Linux. Progent's data security consultants have earned certifications such as CISM, CISSP-ISSAP, and CRISC. (See certifications earned by Progent consultants.) Progent also offers top-tier support for financial management and ERP software. This broad array of expertise allows Progent to identify and consolidate the surviving pieces of your information system following a ransomware intrusion and rebuild them quickly into an operational system. Progent has collaborated with leading cyber insurance carriers, including Chubb, to help organizations clean up after ransomware attacks.
Contact Progent about Ransomware Forensics Expertise in San Jose
To learn more about how Progent can assist your San Jose business with ransomware forensics investigation, call 1-800-462-8800 or see Contact Progent.