Fenix24 Ransomware Restoration–Innovating to Reduce the Greatest Expense in Cyber Incidents: Downtime

Additional Info

Company size (employees)50 to 99
Headquarters RegionNorth America
Type of solutionService


Since April of this year, one company, Fenix24, has been re-inventing the time-worn processes that incident responders use after an attack is identified, working collaboratively with some of the most trusted brands in cybersecurity. They were bold enough to say: “There’s a better way to do this.” They pioneered a new, collaborative approach that has been embraced by some of the most trusted names in incident response, has helped 122 customers in just nine months of operations and is shaving up to 50% off the downtime experienced by their clients.

Traditional incident response (IR) processes usually involve a breach coach bringing in Digital Forensic and Incident Response (DFIR) teams immediately after an incident like ransomware to lead the response. For weeks to months, inadequately trained IT teams working with experts primarily focused on forensics make critical decisions about restoration and take steps that affect the organization’s outlook for timely restoration. By waiting to bring restoration experts in until the end of the process their chances of guiding the optimal scenario is long gone.

The experts at Fenix24 remodeled the process. They are an active part of the initial response team, gaining remote access to client systems, triaging issues, deploying advanced Endpoint Detection and Response (EDR) tools, and capturing the data DFIR teams need before they can begin to do their forensics work. At the same time, they are leading the response, determining the best strategies for recovery, ensuring essential business data is retained, and working to restore systems.

Shortly after its formation, Fenix24 announced a combined service in partnership with Palo Alto Networks. Fenix24 has also introduced a partnership solution with the elite teams at CrowdStrike, GuidePoint Security, Mandiant, and Kivu Consulting.

How we are different

• The Fenix24 team has innovated a new incident response process that has shaved up to 50% of the downtime experienced by clients—and downtime is the costliest component of breaches—greatly benefiting organizations, breach coaches, cyber insurance carriers, and DFIR teams who need data to do their jobs.
• Their process has been embraced by leading cybersecurity companies: the elite teams at CrowdStrike, GuidePoint Security, Mandiant, and Kivu Consulting are now offering partnership solutions with Fenix24.
• The solution has seen phenomenal success: since its introduction in April, Fenix24 has seen 650% revenue growth and 400% growth in headcount (and still climbing).