When a decryption tool fails to work it can be devastating for ransomware victims. In this blog, we'll walk you through a method MOXFIVE working with our colleagues at Coveware identified to repair these corrupted files in some circumstances.

Backups are maybe the single strongest element to ransomware resilience. But during real cyber events, we often see backups that are unusable. Victims have often paid for a backup product – and developed a sense of confidence around that solution – only for the backups to fail when they are most needed.

The start of the new year is a fantastic time to set new goals for yourself and your organization. In this post we explore cybersecurity roadmaps, how your organization can refine / create one, and what items to consider in 2025.

Despite its growing role in incident response, understanding cybersecurity insurance coverage can still be daunting for many organizations. In this blog, we discuss what cybersecurity insurance is, what to look for within your policy, and what is not typically covered by most policies to help you feel more prepared when submitting a claim.

Here's a quick look at cybersecurity initiatives to think about tackling in Q4 or integrating into your roadmap for this upcoming year.

How do you assess the risk to your organization when a new vulnerability is announced? Here's a quick checklist to help you gauge the severity.

Do we recover first or harden security?

Should you pay the ransom? It depends.

A short list of things to keep in mind when dealing the ransomware decryptors.

Having proper security controls in place are critical to preventing both the frequency and severity of cyber incidents.

Cybersecurity training is often treated as a task done simply to check a box on a security checklist, but in reality, it's a critical element of a mature cybersecurity program.

In this 7th post in our Understanding Costs of Incident Response series, we will explore the nuances of counsel and litigation costs in incident response and why they should be an integral part of an organization's cybersecurity planning.

Calculating business interruption costs after a cyber-attack can be complex and make insurance claims more complicated.

Understanding what data has been affected and determining a notification plan is a critical aspect of incident response that comes with substantial costs and complexities.

Recovery is the “meat & potatoes” of the incident response process. In the 4th blog of our series, Understanding the Costs of Incident Response, we look at the three primary paths organizations can take to get back to business as usual, each with its own unique set of challenges.

To Pay or not to Pay? In this post, we look at things to consider when deciding whether or not to pay a ransom and why it may not be the "easy button" many think it is.

In the second post of this series, we look at investigation costs. These are the first costs incurred and the investigation lays the foundation for the rest of the IR process.

In this series, we look at the various costs that may be incurred during a typical ransomware incident and discuss key security controls that can help organizations minimize the impact of a cyber-attack.

As cyber threats evolve, understanding the changing cyber insurance market is essential for organizations to ensure adequate coverage. This article for InsuranceNewsNet.com looks at key points to keep in mind when considering a cyber policy.

Jim Aldridge joins our partners at Airiam on their podcast to discuss parallels he sees between flying a plane and successfully preparing for and responding to cybersecurity incidents.

In Part Two of our blog with CrowdStrike, we share proven strategies and techniques for effective large-scale remediation efforts.

When an incident progresses to the point where enterprise remediation is required, the scope and scale of the response can be daunting. In this two-part series with CrowdStrike, we lay out a roadmap from planning to recovery.

Can new AI models such as ChatGPT be used to help cybersecurity teams? Yes! Here are three quick use cases.

In this blog, we look at 8 examples of best practices that can be implemented to provide for a more resilient architecture.

Our inaugural edition provides context around themes that impacted cybersecurity risk during the first half of 2022. Derived from providing forensics, recovery and resilience services through our platform, our goal is to provide a deeper understanding of the current cyber threat landscape and help organizations make better, more informed decisions.

When responding to a ransomware incident, making the right decisions is critical and can make the difference between an easier path or a harder one. In this blog, we tell the tales of two clients and lessons learned so you can avoid the hard path.

Picking a forensics provider is one of the first critical decisions you have to make when faced with a cyber incident. In this blog, we cover the capabilities to consider when evaluating a potential provider.

Security, like chess, relies on having a variety of strategies and tactics to use for countering your opponent. This blog offers a variety of options to consider when devising your own plans to outwit your adversaries.

Business Email Compromises (BECs) continue to be the one of the top attack vectors, costing organizations over $2.3 billion in 2021. In this blog, we share priorities and key methodologies for investigating these attacks.

Host-based microsegmentation offers a wide range of advantages over legacy counterparts allowing organizations to apply segmentation at much deeper granularity including host, user, or application levels.

Logs are critical sources for forensics investigations. This blog looks at various log sources and the key takeaways to consider when building the retention strategy that's best for your organization.

Our MOXFIVE Incident Managers are critical to every project we manage at MOXFIVE. Learn more about their role and how they enable everyone in the process to focus on what they do best.

Gaining access to Active Directory is often a goal of threat actors during an intrusion. In this blog, we look at two key workstreams that add security layers making it more difficult for threat actors to achieve this goal.

The worst of the Log4j fire drill might be behind us (for now), but the opportunity for new exploits still remains. Learn how a Software Bill of Materials (SBOM) and other best practices can help reduce future impacts and improve your overall security posture.

In Part 2 of our Improving Cybersecurity Resilience blogs, we cover five additional capabilities that round out the list of security basics that we believe all organizations should implement.

Credentials being stolen, reused, or even guessed often leads to an intrusion, or turns what could have been a small incident into an enterprise-wide issue. Multifactor Authentication (MFA) is a critical layer of protection to help minimize this risk.

MOXFIVE recommends these six capabilities as a starting point for improving resilience due to their outsize contribution to reducing risk and mitigating damage.

Regulations abound and new ones are added all the time, but breaches still happen. Why? Because compliance frameworks are flawed and do not get into the technical weeds on effective implementation. There is an opportunity for the insurance industry to help drive things forward, especially for SMBs.

Enabling Local Administrator Password Solution (LAPS) can help greatly reduce the blast radius of a cyber-attack and is a quick and simple process for most environments.

Using cloud-based services can help not only lift the burden of day-to-day IT and security tasks, but they can also provide a significant benefit when dealing with a ransomware attack.

Finding the right balance between containment, recovery and forensics workstreams is the key to faster and more effective incident response.

The lines between forensics and recovery can easily blur during incident response. Using an approach that delivers both in parallel helps minimize business interruption and get organizations back online more quickly.

Building threat hunting skills within your team can help prevent burnout, up-level skills and give your team a broader understanding of your security environment.

Learn how MOXFIVE's platform-based approach to incident management drives increased efficacy and quicker resolution of complex challenges while also reducing costs and making life easier for all parties involved.

This year’s Colonial Pipeline breach turned a spotlight on the debate over whether or not cyber ransoms should be paid by victims of these attacks. This blog examines why we think payment bans are bad policy.

Open-source software is used in a wide variety of projects, including the recent Mars helicopter, Ingenuity! In this blog, we take a look at the open-source network security solution, pfSense, and the many ways it can be used.

To effectively respond to a cybersecurity incident, having complete visibility into all assets (endpoint devices, applications, user accounts) across your IT estate is a critical success factor for recovering quickly and minimizing business disruption.

In July 2019 we posted our inaugural blog and introduced our idea of how a Technical Advisor could help companies better manage the incident response process. Two years (and hundreds of incidents) later, we've learned many lessons that help our clients recover quickly and effectively.

Tabletops can help improve organizational awareness and streamline Incident Response efforts. Learn how they can help mature your security posture and develop your teams' skills.

Fusing the efforts of your red and blue teams by implementing a purple team approach enables analysts to cross-train, collaborate, and respond more effectively during an incident.

Four questions to ask if you're considering adding an upgrade to an in-progress recovery effort.

Recovering from a cyber incident is a complicated and challenging process. Read our top 6 factors that can help determine whether the recovery process runs smoothly... or not.

Changes in the cyber insurance industry are driving a change in how organizations are investing in security.

Every pilot learns the mantra "Aviate. Navigate. Communicate." during their initial flight training. Easy to remember in a crisis and it helps remind the pilot of the order of priorities required to execute an optimal recovery.

Has the rise of ransomware distracted us away from the true issue at hand? Encrypted files, corrupted applications, deleted backups, and ...

Over the last couple of weeks, we have all watched the details surrounding the SolarWinds attack unfold. The full scope of the attack wil...

Prioritize efforts, consolidate focus, succeed.

Does your organization have everything it needs to be prepared for a ransomware incident?

Threat actors can deploy, ransomware without the need to build or manage underlying infrastructure.

See how we assess an organization’s security risk and ability to prevent ransomware attacks.

Sleep Soundly with Good Backups!

For every ransomware incident MOXFIVE has assisted with, the primary concern during recovery has been the health of the core infrastructure

MOXFIVE’s “Break Glass” Strategy to Recovering from a Ransomware Attack Ransomware events can be the worst experience for any person

Over the last year, insurance carriers have looked for innovative ways to expand coverage. One such area is coverage around “bricking”. A...

Understanding the role of Endpoint Technology in Incident Response

Cyber claims have departed from lost laptops and basic malware claims and the industry is now realizing that it's less prepared to deal with