Emergency Cyber Response

Regain immediate control, contain the damage, and eradicate the threat. Your bullet-proof, SOS rapid response.

Tomorrow’s Cyber Threats Demand a Response Today

Following a breach, you need qualified cybersecurity staff to provide emergency response services.

Our managed incident response service covers analysis, containment, eradication, and recovery and can be provided remotely or on-site to reduce the impact of an incident on your organization. 

With an average of 20 years in the field, our team is ready to help.

Get in touch

SOS! Cyberattack Emergency. Get help now.

“ENHALO did not just contain our cyber incident, they assisted us with managing our media and stakeholder questions, regulatory communication requirements, and timelines.”

COO | US

View Case Study

Why ENHALO Emergency Cyber Response?

We turn your incident response plan into a proactive program that improves incident response times, lowers costs, and implements a continuous improvement process to strengthen your overall security effectiveness.

We assess your existing ability to respond to security incidents and provide recommendations to reduce the time between incident detection and resolution, ultimately lowering the probability and severity of future incidents. How do we do it?

  1. We provide an initial on-site visit assessment to understand your business, how it operates, and its challenges.
  2. Involve staff with readiness services, including incident response training/simulated exercises.
  3. Provide incident and forensic analysis details with remediation recommendations
  4. Quarterly checkpoint, remote support, and updates on the cyber threat landscape.


Download our PDF guide to our ECR services

“The best time to prepare a highly effective cyber crisis management plan is before a cyber incident occurs. Delaying it because “it happens to other organizations, not ours” is a recipe for disaster.”

Gerhard Conradie

Readiness

  • Incident response plans for gaps discovered during the gap analysis.
  • Establish a preemptive incident response plan.
  • Provide incident response workshop and training.

Response

  • Access to highly skilled security experts 24/7.
  • Rapid response to incidents, with reduced risk and costs.
  • Mitigations against operational disruption, loss of data, damage to brand and reputation.
  • Incident and forensic analysis details with remediation recommendations.
  • Monitoring social and media channels and feeding back information to the centralized incident bridge.
  • Working with the incident response team to ensure effective messaging internally and externally.

Communication

  • Communication is key to suppliers, customers, and senior management. ENHALO experts will help formulate a response to all parties.
  • Draft public and stakeholder media communications considering the breach going public, leveraging our experience in dealing with the media.

Benefits include:

  1. Gap analysis and cyber incident response planning to prepare for the inevitably cyber breach.
  2. Reduce the mean-time-to-identify (MTTI) breaches by establishing breach detection and response plans.
  3. Access to our highly skilled cybersecurity experts 24/7 to respond cost-effectively.
  4. Rapid response to incidents to limit operational disruption and brand damage.
  5. Media announcement with stakeholders and customers to control the cyber response communications.

We can help prepare your organization for the next cyberattack. Contact ENHALO today.

Get in touch Download Datasheet 
Gerhard Conradie Co-Founder and Global Head of Solutions Architecture at Enhalo

Gerhard Conradie
Asks:

“What are your top three unresolved cyber security concerns at this time?”

“After a recent ransomware attack, we knew we needed help to be better prepared for the next inevitable event. ENHALO’s monthly cyber response service ensures that our staff and our infrastructure is continuously assessed for risks and that we are prepared to respond.”

CIO | US

View Case Study

When it comes to incident and crisis management, readiness is an evolutionary state. What you were ready for yesterday may be the last thing cybercriminals have in mind today.

Deloitte

CASE STUDY

Cyber Emergency Response with ENHALO

Client – A world-leading parcel delivery network with 120,000 delivery experts operating in nearly 50 countries.

Challenge – Staff arrived at the office on a Monday morning to find their system was inaccessible.  The IT department confirmed that their systems and backups had been encrypted, and they switched into firefighting mode to try to block access to unencrypted systems.

Solution – ENHALO was contacted and established the Emergency Cyber Response bridge and coordinated the activities of all teams. Since the customer contacted ENHALO immediately we could instruct them to not shut down affected servers, but to simply disconnect them from the network. This allowed for encryption key extraction which was used for decrypting data. Existing tools were optimized to assist in reporting and defense against re-infection. ENHALO deployed a SOC to assist in information gathering and response.  Ransomware negotiations were initiated and managed by our team to ensure the lowest possible cost.  The negotiations assisted in determining if any data was exfiltrated and the potential risk and damage.

Carol Watson of ENHALO, US asks:

“Do you want Cyber Response services?”

Hi, I’m Carol. We are available to help your business ensure its cyber security.
Please get in touch with Enhalo to discuss your requirements.

“Every cybersecurity crisis creates opportunities for an organization to grow. First, by responding effectively and, second, by searching out opportunities to be better prepared.”

Gerhard Conradie

Frequently asked Cyber Emergency Response service questions

We found the encrypted files a week ago, can ENHALO help us recover?

Yes, but as time passes, more data and files are encrypted, more devices are infected, encryption keys lost, ultimately driving up both cost and damage. Immediate, yet methodical and informed action must be taken.

Are there different responses to different ransomware attacks needed?

The short answer is NO. There are several variants of ransomware that encrypt a user’s files and then demand a ransom. These variants are commonly written by different groups, known by different names and contain unique functionality designed to achieve the same overall goal. Each variant can have multiple versions and versions are often upgraded over time to add features and capabilities.

Why did my data get encrypted even though I am not an admin?

Ransomware does not require administrative privileges. Instead, it relies on the permission level the most basic user would use for accessing the organization’s data.

My server has remote desktop access to the internet, is that bad?

Absolutely, this is one of the common entry points for attackers.  They simply exploit the Remote Desktop and then access and encrypt data.  Our service continuously monitors for these entry points which are created so that they can be mitigated.

What are the most targeted file types?

The file types targeted for encryption can vary within different versions of the same ransomware and across variants, however, most include the following categories of files:

  1. Microsoft Office files (.doc, .docx, .xls, .xlsx, .ppt, .pptx, .rtf)
  2. Open Office files (.odt, .ods, .odp)
  3. Adobe PDF files
  4. Popular image files (.JPG, .PNG, raw camera files, etc.)
  5. ext files (.txt, .RTF, etc.)
  6. Database file (.sql, .dba, .mdb, .odb,. db3, .sqlite3, etc.)
  7. Compressed file (.zip, .rar, .7z, etc.)
  8. Mail files (.pst)
  9. Key files (.pem, .crt, etc.)

This list is by no means exhaustive. Some ransomware variants can target over 150 file types, and those can change over time depending on the attacker’s motivation.  Targeting backup files is another way to ensure that recovery is impossible.

How do we avoid confusion and panic-induced decisions when an attack happens?

A well-developed, pre-emptive, and rehearsed incident response plan will arm organizations with methodical and calculated responses in advance so that when issues arise, confusion and panic-induced decisions are minimized. This plan will ultimately save your organization both time and money during an incident.

Should I contact the ransomware attackers?

Definitely not. In our experience this has resulted in failed negotiations and grossly inflated ransom costs.  It is best that an experienced cyber response expert interacts with the attackers.

If ransom is paid, is recovery guaranteed?

If a ransom is paid and a decryption key is provided, keep in mind that recovering with a decryption key is seldom instantaneous. Decrypting files is a manual task, and they must be decrypted individually, which can be a painstaking and time-consuming undertaking.

In most cases, even if the criminals are paid and provide the decryption key, the recovery effort can be just as complex and strenuous as reimaging machines. That means recovery efforts could be just as costly as if the adversaries had not been paid.

Some countries are also under sanctions by the U.S. Government, and as a result, paying ransom to cybercriminals from those countries can be a federal offense.

If you have any other questions, please contact us:

Let’s Talk

Our Promise – Comprehensive, resilient cybersecurity, optimized for the unique needs you have, tools you own and threats you face.

Get in touch