Has your business been hit by ransomware?

TCDI’s expert Digital Forensics and Incident Response (DFIR) team is ready at a moment’s notice to help you get back to business quickly. 

It's important to act swiftly.

When there is a ransomware incident, it’s a race against time. A fast response can greatly minimize the spread of an infection, reduce your downtime, and lessen the cost of the cyber attack. 

It’s a common best practice to immediately identify and disconnect all compromised devices from the network and any shared storage.  This includes servers, workstations, user accounts, email accounts, and personal users’ accounts.  

In addition, it is important to forensically preserve evidence from a system as soon as an incident is suspected to help identify the root cause and its source.  Too often, incident handlers, system administrators, and others inadvertently alter the state of the machine during the investigation by overwriting critical data.

Call our Digital Forensics & Incident Response Team's 24/7 Hotline:
Contain the Threat
How do we get started?

Our team is built to be fast.  After a kick off call, our Rapid Response team will immediately get to work investigating the incident. We will identify indicators of compromise to contain the malicious actors and their tools. 

During this phase, we utilize an intelligence-driven process.  Gathering and analyzing information upfront results in a more efficient turn around time. An investigation will often reveal how the malicious actors breached your network, their lateral movement process, and what kind of malware they may be deploying. 

We then execute a custom containment strategy, unique to your organization, whilst retaining the forensic integrity of the data.  

TCDI will work with you to tailor a solution that meets your needs and ensures that your incident is properly handled.

Forensically Preserve Evidence
How did it Happen?

A forensically sound investigation requires that no major changes are made to the compromised network outside of immediate containment to prevent further propagation and lateral movement by the threat.

Forensic imaging of the affected devices is performed early in the process to preserve important evidence.  This approach allows the IR team to proceed without the risk of deleting or invalidating evidence pertinent to the investigation.

TCDI cybersecurity engineers use this evidence to:

  • Identify the threat and resolve the incident.  
  • Investigate the facts and timeline of events.
  • Uncover malicious actor activity (i.e. What did they do?).
  • Investigate for data exfiltration.
  • Provide an expert report of findings. 

While quickly resolving the incident is a top priority, there are also important considerations for the legal team involved in the incident.  TCDI helps bridge the gap for interpreting technical data and presenting facts in our finding reports. 

Although the primary reason for gathering evidence during an incident is to resolve the incident, it may also be needed for legal proceedings.  By preserving evidence from the start, our digital forensics analysts also help reduce legal liability risks.  TCDI personnel bring an in-depth expertise to the table surrounding cybersecurity regulations and compliance. 

We understand that a security incident can be an urgent and high-pressure situation.  TCDI has built a team of experts to navigate the storm with precision. 


Secure Systems
Making sure they can't get in while we fix it.

After the threat is contained, we will begin the process of ensuring systems, networks, and applications are sufficiently secure.   

These security steps could include: blocking malicious IP addresses, enterprise password changes, or implementing multifactor authentication, to name a few.

We’re here to help.  TCDI’s certified Incident Response Team has helped thousands of businesses remove threats quickly.  

Eradicate the Threat
We'll get your systems recovered quickly.

During eradication, we will deploy a tailored strategy to identify and mitigate vulnerabilities that were exploited. 

When we eradicate the threat, the enterprise will be guided to a state that restores normal day-to-day business operations.

Incidents are treated with the assumption that the malicious actors will go to great lengths to avoid detection and maintain persistence on infected systems.  They also often leave backdoors to regain access in the future.  Thus, it is paramount that the malicious actors and their threats have been fully eradicated from the network with a validated process.  

Whether it’s an infection like ransomware, business email compromise, or unauthorized access, TCDI’s certified Incident Response Team has seen (and stopped) it all.  We’re here to help you get back to business. 

Post Incident Analysis
"How did this Happen?"

Engineers will perform an analysis of the forensic evidence in a sandbox environment to help answer the question “how did this happen?,” as well as:

  • Where was the initial outbreak?
  • When did it happen?
  • How did they get in?
  • Was data stolen?
  • Who has been impacted?

Many of these questions are addressed in the formal report that also includes a summary of our investigation, findings, and detailed recommendations.

We understand that a security incident can be an urgent and high-pressure situation.  TCDI has built a team of experts to navigate the storm with precision. 


Trusted by thousands of companies across the United States.

  • This field is for validation purposes and should be left unchanged.