Cyber Incident Response | Durban & South Africa

Under Attack? We Help You Contain, Investigate, and Recover

A cyberattack is a crisis. Every minute counts - the longer you wait, the more damage is done. Ubuntu Guard provides rapid incident response for South African businesses: contain the breach, find out how it happened, and get you back to business as fast as possible.

If You Are Under Attack Right Now

Do these three things immediately

1. Disconnect — don't shut down

Unplug affected devices from your network (ethernet and WiFi). Do NOT turn them off: leaving them powered on preserves forensic evidence needed to investigate the breach. Isolate, do not power off.

3. Document what you see

Take screenshots or photos of any ransom notes, error messages, or suspicious alerts before touching anything. This helps the investigation significantly.

Our Response Process

How Ubuntu Guard handles a cyber incident

Phase 1 — Contain

We immediately guide you through containing the breach to stop it spreading. For KZN clients, on-site response is available. Remote assistance starts within hours via secure video call.

Phase 2 — Investigate

We conduct a forensic investigation to determine: how the attacker got in, what they accessed or took, how long they were inside, and whether backdoors remain. You need to know the full picture.

Phase 3 — Recover & Remediate

Remove malware, close the vulnerabilities exploited, restore from clean backups, and implement measures to prevent recurrence. We also guide POPIA breach notification if required.

What You Get

Full incident response deliverables

Rapid Containment

Stop the bleeding immediately. We guide you through isolation steps and provide remote assistance within hours of your call.

Forensic Investigation Report

A written report documenting the attack timeline, the entry point, the extent of the breach, and evidence for insurance or legal purposes.

Malware Eradication

Complete removal of malware, ransomware, or attacker access tools from affected systems — with verification that no backdoors remain.

POPIA Notification Guidance

If the breach involves personal information, we guide you through your legal obligations under POPIA — including what to report, to whom, and by when.

The Cost of Waiting

Why speed matters in incident response

Critical

R2.2B

Lost to cybercrime in South Africa annually

Every hour a breach goes uncontained increases the damage — more data stolen, more systems encrypted, more recovery time required.

INTERPOL & University of Pretoria

207 days

Average time to identify a breach

Globally, businesses take over 200 days on average to identify a breach. Fast detection and response dramatically reduce the financial impact.

IBM Cost of a Data Breach Report

R10M

Maximum POPIA fine for breach failures

Failing to respond correctly to a breach — including not notifying the Information Regulator — can result in fines of up to R10 million under POPIA.

Protection of Personal Information Act, Section 107

Common Questions

Incident response FAQ

What should I do immediately after a cyberattack?

Disconnect affected devices from your network (do not turn them off). Contact Ubuntu Guard via WhatsApp immediately. Document what you see — take photos of ransom notes or error messages. Do not attempt to fix anything yourself until you have spoken to us.

How quickly can you respond?

We aim to respond within 2–4 hours during business hours. Remote assistance begins immediately via WhatsApp and secure video call. On-site response in KZN is available for urgent cases.

Do I need to report a data breach to regulators?

Under POPIA, if the breach involves personal information and poses a real risk of harm, you must notify the Information Regulator and affected parties as soon as reasonably possible. We guide you through this process as part of our response.

Can you recover ransomware-encrypted files?

We investigate the ransomware variant and check for available decryption tools. We also assist with recovering data from backups. We strongly advise against paying ransoms — we focus on technical recovery first.

Is incident response only for large businesses?

No. The majority of our clients are SMEs with 5–100 employees. Small businesses are frequently targeted because they lack large enterprise defences. We specialise in fast, affordable response for South African SMEs.

What does incident response cost?

Pricing depends on the scope and severity of the incident. Contact us immediately — the first call to assess the situation is free. We provide a fixed-cost estimate before starting any paid work.

Contact Us

Report a cyber incident or prepare a response plan

If you are currently under attack, WhatsApp us directly for the fastest response. Use this form to enquire about retainer agreements or proactive incident response planning.

Address

21 Lighthouse Road, uMhlanga, KwaZulu-Natal
