Overview of Progent's Ransomware Forensics and Reporting in The Woodlands
Progent's ransomware forensics experts can save the system state after a ransomware assault and perform a comprehensive forensics investigation without disrupting activity required for operational resumption and data recovery. Your organization in The Woodlands can use Progent's ransomware forensics report to combat subsequent ransomware attacks, validate the cleanup of encrypted data, and meet insurance carrier and governmental mandates.
Ransomware forensics is aimed at discovering and documenting the ransomware attack's progress across the network from beginning to end. This audit trail of how a ransomware attack travelled within the network helps your IT staff to evaluate the damage and uncovers shortcomings in security policies or processes that should be rectified to avoid later break-ins. Forensic analysis is typically assigned a high priority by the cyber insurance carrier and is often required by government and industry regulations. Because forensics can take time, it is critical that other important activities like business continuity are executed in parallel. Progent has a large roster of information technology and data security professionals with the skills needed to perform the work of containment, business resumption, and data restoration without disrupting forensic analysis.
Ransomware forensics analysis is time consuming and calls for close cooperation with the teams focused on data cleanup and, if necessary, settlement negotiation with the ransomware attacker. Ransomware forensics typically requires the examination of all logs, registry, Group Policy Object (GPO), AD, DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to detect changes.
Activities associated with forensics analysis include:
- Disconnect all possibly affected devices from the network, but avoid shutting them down. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected network-attached storage, modifying admin credentials and user passwords, and implementing two-factor authentication to secure backups.
- Create forensically sound digital images of all suspect devices so the file restoration team can get started
- Preserve firewall, virtual private network, and additional key logs as quickly as possible
- Determine the type of ransomware involved in the assault
- Inspect each machine and storage device on the network as well as cloud storage for signs of encryption
- Catalog all compromised devices
- Study log activity and user sessions in order to establish the time frame of the ransomware attack and to spot any possible lateral movement from the originally compromised system
- Understand the security gaps used to perpetrate the ransomware assault
- Look for new executables surrounding the first encrypted files or system breach
- Parse Outlook web archives
- Analyze email attachments
- Extract URLs embedded in email messages and determine whether they are malicious
- Provide detailed incident reporting to satisfy your insurance and compliance requirements
- Document recommendations to shore up cybersecurity gaps and enforce workflows that reduce the exposure to a future ransomware exploit
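
As an added illustration of two of the activities above (establishing the time frame and looking for new executables around the first encrypted files), the following Python sketch is an example written for this page and is not Progent's tooling. The file listing, the `.locked` extension, the baseline inventory and the time window are all constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample: file paths and creation times (UTC) as exported from a disk image.
LISTING = r"""path,created
C:\Windows\System32\notepad.exe,2019-03-01T08:00:00
C:\Users\amy\AppData\Local\Temp\upd7.exe,2024-05-02T01:12:40
C:\ProgramData\svc\helper.dll,2024-05-02T01:14:05
C:\Tools\backup_agent.exe,2024-05-02T01:20:00
C:\Users\amy\Documents\budget.xlsx.locked,2024-05-02T01:31:09
C:\Shares\hr\roster.docx.locked,2024-05-02T01:33:50
C:\Users\bob\Downloads\setup.exe,2024-05-06T10:00:00
"""

ENCRYPTED_SUFFIX = ".locked"  # assumed; the real extension depends on the ransomware
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".ps1", ".bat", ".vbs", ".js"}
BASELINE = {r"c:\tools\backup_agent.exe"}  # assumed known-good software inventory


def load(listing):
    """Parse the CSV listing into (path, created) tuples."""
    rows = csv.DictReader(io.StringIO(listing))
    return [(PureWindowsPath(r["path"]), datetime.fromisoformat(r["created"])) for r in rows]


def first_encrypted(records):
    """Return (created, path) of the earliest encrypted file, or None if there is none."""
    hits = [(t, p) for p, t in records if p.suffix.lower() == ENCRYPTED_SUFFIX]
    return min(hits, key=lambda h: h[0]) if hits else None


def new_executables(records, pivot, before=timedelta(hours=1), after=timedelta(minutes=10)):
    """Executables outside the baseline created in the window around the pivot time."""
    found = []
    for path, created in records:
        if path.suffix.lower() not in EXECUTABLE_SUFFIXES:
            continue
        if str(path).lower() in BASELINE:
            continue
        if pivot - before <= created <= pivot + after:
            found.append((created, path))
    return sorted(found, key=lambda f: f[0])


if __name__ == "__main__":
    pivot, first = first_encrypted(load(LISTING))
    print("first encrypted file:", first, "at", pivot.isoformat())
    for created, path in new_executables(load(LISTING), pivot):
        print("review:", created.isoformat(), path)
```

File creation times can be altered on a compromised system, so candidates found this way should be corroborated against the preserved firewall, VPN and session logs before they are placed on the timeline.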
Progent's Background
Progent has provided online and onsite network services across the U.S. for more than two decades and has earned Microsoft's Gold Partner certification in the Datacenter and Cloud Productivity competencies. Progent's roster of SMEs includes professionals who have earned high-level certifications in foundation technologies such as Cisco networking, VMware, and popular distributions of Linux. Progent's cybersecurity consultants have earned prestigious certifications such as CISA, CISSP, and CRISC. Progent also offers guidance in financial management and ERP application software. This breadth of skills gives Progent the ability to identify and integrate the undamaged parts of your network after a ransomware attack and reconstruct them rapidly into an operational network. Progent has worked with leading insurance carriers like Chubb to help businesses recover from ransomware assaults.
Contact Progent about Ransomware Forensics Expertise in The Woodlands
To learn more about how Progent can help your business in The Woodlands with ransomware forensics, call 1-800-462-8800 or see Contact Progent.