The first 15 minutes - what TO DO, and what NOT to do
What you do in the first fifteen minutes determines how much the attack will cost. Follow these rules while you wait for our call.
DO
- Isolate infected devices from the network - unplug the network cable or turn off Wi-Fi to stop the spread to other computers and servers.
- Preserve evidence - photograph ransom messages, strange windows and anything unusual you see on the screen.
- Record the time - note when you noticed the attack and exactly what happened, step by step.
- Notify the responsible people - warn colleagues not to open suspicious attachments and links.
DO NOT
- Do not pay the ransom before consulting us - paying does not guarantee data recovery and often makes you a target for new attacks.
- DO NOT shut down infected computers - powering off destroys key evidence held in memory that helps us identify the attacker.
- Do not delete anything - not messages, files or logs; everything is potential evidence for forensics and recovery.
- Do not forward suspicious emails - not even to colleagues as a warning; doing so spreads the threat.
Call now 063 088 488 or fill out the form below - we respond within minutes.
How we respond
- Triage and assessment - within minutes we determine the type of attack, the scope of the infection and what is at risk, and we set priorities.
- Isolation and containment - we separate infected systems, cut off the attacker's access and stop the damage from spreading.
- Threat removal - we clean out malicious code, close entry points and remove all traces of the attacker.
- System recovery - we safely restore data and services from clean backups and verify their integrity.
- Forensics and report - we determine how the attack happened, what was leaked and provide clear recommendations to prevent a recurrence.
Types of attacks we handle
- Ransomware and locked files - encrypted data and ransom messages.
- Phishing and BEC fraud - fake emails and business email compromise scams.
- Intrusion and unauthorized access - an attacker inside your network or systems.
- DDoS attacks - overload and downtime of your websites and services.
- Data leaks and theft - confidential data exposed or published.
- Compromised email and accounts - hijacked user accounts and credentials.
Frequently asked questions
We are locked by ransomware, what now?
Immediately isolate the infected devices from the network, but DO NOT shut them down, because evidence is lost when they are powered off. Do not pay the ransom before you contact us. Call 063 088 488 and our team immediately starts triage, stops the spread and assesses the options for recovering data from backups.
Should we pay the ransom?
Not before consulting us. Paying does not guarantee data recovery, may be legally problematic and makes you a target for future attacks. In many cases the data can be recovered without paying. First we assess the situation, and only then do we decide together on the safest course of action.
How quickly do you respond?
We respond to emergency calls within minutes. As soon as you contact us, we begin remote triage and immediately initiate isolation measures to stop the attack from spreading until a full response is established.
Do you operate 24/7?
Yes. Our emergency cyber team is available around the clock, seven days a week, including weekends and holidays. Attacks most often happen outside business hours, so that is when we are by your side. Call 063 088 488 at any time.
What if an email or data has been leaked?
We immediately change compromised passwords, enable two-factor protection and cut off the attacker's access. We forensically determine exactly what was leaked, advise on legal notification obligations and help limit the damage to your clients and partners.