Incident Response 24/7

There is a good chance that the cyber incident was caused by malware - more specifically: ransomware. We want to prevent malware from spreading. That is why we isolate the affected systems or networks. What we do depends on the nature and scope of the incident. We:

• Disconnect affected systems or networks from the Internet or other networks
• Block access to affected systems
• Implement workarounds to mitigate the impact of the incident

As an incident evolves, we sometimes discover new entry points that attackers can use or may have used. It is important to close these gaps. That's why we repair vulnerabilities, install patches, reconfigure systems and change passwords.

We then remove any malicious software, remote access tools, or code that caused the incident. The specific steps again depend on the nature of the incident. We:

• Run malware scans to identify and remove malicious software or code
• Reset affected systems to ensure all malicious code has been removed
• Delete any unauthorized user accounts
• Monitor network activity to see if the criminal is still leaving traces

It is important to restore business operations as soon as possible. That's why we:

• Restore backups to recover lost or damaged data
• Reconfigure affected systems to ensure they function properly
• Test and validate to ensure all systems are functioning properly
• Monitor systems and networks for signs of other incidents or attacks
• Negotiate with cybercriminals - this is a last resort