Emergency Cyber Response

Regain immediate control, contain the damage, and eradicate the threat. Your bullet-proof, SOS rapid response.

Tomorrow’s Cyber Threats Demand a Response Today

Following a breach, you need qualified cybersecurity staff to provide emergency response services.

Our managed incident response service covers analysis, containment, eradication, and recovery and can be provided remotely or on-site to reduce the impact of an incident on your organization.

With an average of 20 years in the field, our team is ready to help.

SOS! Cyberattack Emergency. Get help now.

“ENHALO did not just contain our cyber incident, they assisted us with managing our media and stakeholder questions, regulatory communication requirements, and timelines.”

COO | US

Why ENHALO Emergency Cyber Response?

We turn your incident response plan into a proactive program that improves incident response times, lowers costs, and implements a continuous improvement process to strengthen your overall security effectiveness. We assess your existing ability to respond to security incidents and provide recommendations to reduce the time between incident detection and resolution, ultimately lowering the probability and severity of future incidents. How do we do it?
  1. We provide an initial on-site visit assessment to understand your business, how it operates, and its challenges.

  2. Involve staff with readiness services, including incident response training/simulated exercises.

  3. Provide incident and forensic analysis details with remediation recommendations

  4. Quarterly checkpoint, remote support, and updates on the cyber threat landscape.

“The best time to prepare a highly effective cyber crisis management plan is before a cyber incident occurs. Delaying it because “it happens to other organizations, not ours” is a recipe for disaster.”

Gerhard Conradie

Readiness

Response

Communication

Benefits include:

    1. Gap analysis and cyber incident response planning to prepare for the inevitably cyber breach.

    2. Reduce the mean-time-to-identify (MTTI) breaches by establishing breach detection and response plans.

    3. Access to our highly skilled cybersecurity experts 24/7 to respond cost-effectively.

    4. Rapid response to incidents to limit operational disruption and brand damage.

    5. Media announcement with stakeholders and customers to control the cyber response communications.

We can help prepare your organization for the next cyberattack. Contact ENHALO today.

Gerhard Conradie Asks:

Gerhard Conradie Asks:

“What are your top three unresolved cyber security concerns at this time?”

“After a recent ransomware attack, we knew we needed help to be better prepared for the next inevitable event. ENHALO’s monthly cyber response service ensures that our staff and our infrastructure is continuously assessed for risks and that we are prepared to respond.”

CIO | US

When it comes to incident and crisis management, readiness is an evolutionary state. What you were ready for yesterday may be the last thing cybercriminals have in mind today.

CASE STUDY

Cyber Emergency Response with ENHALO

Client – A world-leading parcel delivery network with 120,000 delivery experts operating in nearly 50 countries.

Challenge – Staff arrived at the office on a Monday morning to find their system was inaccessible.  The IT department confirmed that their systems and backups had been encrypted, and they switched into firefighting mode to try to block access to unencrypted systems.

Solution – ENHALO was contacted and established the Emergency Cyber Response bridge and coordinated the activities of all teams. Since the customer contacted ENHALO immediately we could instruct them to not shut down affected servers, but to simply disconnect them from the network. This allowed for encryption key extraction which was used for decrypting data. Existing tools were optimized to assist in reporting and defense against re-infection. ENHALO deployed a SOC to assist in information gathering and response.  Ransomware negotiations were initiated and managed by our team to ensure the lowest possible cost.  The negotiations assisted in determining if any data was exfiltrated and the potential risk and damage.

Carol Watson of ENHALO, US asks:

Carol Watson of ENHALO, US asks:

“Do you want Cyber Response services?”

Hi, I’m Carol. We are available to help your business ensure its cyber security. Please get in touch with Enhalo to discuss your requirements.

“Every cybersecurity crisis creates opportunities for an organization to grow. First, by responding effectively and, second, by searching out opportunities to be better prepared.”

Gerhard Conradie

Frequently asked Cyber Emergency Response service questions

Yes, but as time passes, more data and files are encrypted, more devices are infected, encryption keys lost, ultimately driving up both cost and damage. Immediate, yet methodical and informed action must be taken.

The short answer is NO. There are several variants of ransomware that encrypt a user’s files and then demand a ransom. These variants are commonly written by different groups, known by different names and contain unique functionality designed to achieve the same overall goal. Each variant can have multiple versions and versions are often upgraded over time to add features and capabilities.

Ransomware does not require administrative privileges. Instead, it relies on the permission level the most basic user would use for accessing the organization’s data.

Absolutely, this is one of the common entry points for attackers. They simply exploit the Remote Desktop and then access and encrypt data. Our service continuously monitors for these entry points which are created so that they can be mitigated.

The file types targeted for encryption can vary within different versions of the same ransomware and across variants, however, most include the following categories of files:

  1. Microsoft Office files (.doc, .docx, .xls, .xlsx, .ppt, .pptx, .rtf)
  2. Open Office files (.odt, .ods, .odp)
  3. Adobe PDF files
  4. Popular image files (.JPG, .PNG, raw camera files, etc.)
  5. ext files (.txt, .RTF, etc.)
  6. Database file (.sql, .dba, .mdb, .odb,. db3, .sqlite3, etc.)
  7. Compressed file (.zip, .rar, .7z, etc.)
  8. Mail files (.pst)
  9. Key files (.pem, .crt, etc.)

This list is by no means exhaustive. Some ransomware variants can target over 150 file types, and those can change over time depending on the attacker’s motivation.  Targeting backup files is another way to ensure that recovery is impossible.

A well-developed, pre-emptive, and rehearsed incident response plan will arm organizations with methodical and calculated responses in advance so that when issues arise, confusion and panic-induced decisions are minimized. This plan will ultimately save your organization both time and money during an incident.

Definitely not. In our experience this has resulted in failed negotiations and grossly inflated ransom costs. It is best that an experienced cyber response expert interacts with the attackers.

If a ransom is paid and a decryption key is provided, keep in mind that recovering with a decryption key is seldom instantaneous. Decrypting files is a manual task, and they must be decrypted individually, which can be a painstaking and time-consuming undertaking.

In most cases, even if the criminals are paid and provide the decryption key, the recovery effort can be just as complex and strenuous as reimaging machines. That means recovery efforts could be just as costly as if the adversaries had not been paid.

Some countries are also under sanctions by the U.S. Government, and as a result, paying ransom to cybercriminals from those countries can be a federal offense.

If you have any other questions, please contact us:

Let's Talk

Our Promise – Comprehensive, resilient cybersecurity, optimized for the unique needs you have, tools
you own and threats you face.

Get In Touch

Cyberattack Emergency

Are you experiencing an active cyberattack?

Get rapid response.

Call ENHALO’s International SOS no:
For Other Inquiries: