Incident Response

Ransomware on Saturday - Company Lost 3 Weeks of Production

An automotive parts manufacturer was hit by ransomware on Saturday at 11:15 PM. IT noticed on Monday at 8:00 AM - 33 hours after the attack started. 90% of production systems and backups were encrypted. There was no IR procedure or contact for specialists. Downtime: 3 weeks. Cost: €2.8 million + lost contracts.

Without Incident Response procedures:

• Chaos and panic - no one knows what to do first
• Evidence loss due to unskilled actions
• Extended downtime (average 21 days for ransomware)
• No report for insurer = claim denial
• Non-compliance with NIS2 requirements (mandatory incident reporting within 24h)

Professional Response from Minute One

We don’t experiment on your production systems. Our team has experience in hundreds of incidents - from ransomware through APT to insider threats. We operate according to proven playbooks, preserve evidence, and document every step.

What you get:

• Immediate 24/7/365 response (phone, email, dedicated channel)
• Triage and situation assessment within the first hour
• Containment - threat isolation without destroying evidence
• Forensic analysis (digital forensics) maintaining chain of custody
• Attack vector identification, timeline, and compromise scope
• Safe threat eradication (malware, backdoors, accounts)
• Recovery support - system restoration and verification
• Final report for management, authorities (CSIRT, law enforcement), and insurer
• Preventive recommendations (lessons learned)

Who Is It For?

This service is for you if:

• You have an active incident NOW (ransomware, intrusions, data breach)
• You’re subject to NIS2 and need incident reporting procedures
• You want an IR retainer - guaranteed response time
• You have cyber insurance and want to meet its requirements
• You need forensic analysis after an incident (for court, regulator)

When Do You Need Incident Response?

Attacks and Intrusions

• Ransomware - encrypted files, ransom demand
• System intrusions - unauthorized access, backdoors
• Malware and viruses - infections, botnet, cryptominers
• Successful phishing - compromised accounts, fraud
• DDoS attack - service unavailability

Data Breaches

• Personal data leak - mandatory GDPR notification within 72h
• Intellectual property theft - know-how loss
• Account compromise - hijacked admin accounts, VIP email
• Data exfiltration - suspected leak to competitors

Suspicious Activities

• Unusual network traffic - C2 communication, suspicious connections
• Log anomalies - unknown logins, unusual hours
• Security system alerts - EDR, SIEM, IDS/IPS
• Employee report - suspicious emails, files, behavior

Engagement Models

Ad-Hoc Incident Response

One-time assistance with an active incident:

• Payment for actual hours worked
• Rate: €120-190/h (depending on time and criticality)
• Response start: up to 4 business hours
• For companies without IR retainer

When: You have an incident NOW and can’t wait

Incident Response Retainer

Subscription ensuring team readiness:

• Guaranteed response time (15-60 minutes)
• Preferential hourly rates
• Hour package included in subscription
• Regular exercises and procedure tests (tabletop exercises)
• Playbook preparation for typical scenarios
• 24/7 hotline available

Price: from €1,900/month | For: Companies with NIS2 requirements, critical sectors

IR Procedure Development

Building incident response readiness:

• Procedure and playbook development
• Role and responsibility definition (RACI)
• Tool configuration (SIEM, EDR, communication)
• IT team training
• Tabletop exercises and incident simulations
• Cyber insurer integration

Time: 4-8 weeks | Price from: €14,000