01. Disconnect, do not shut down
Unplug affected machines from ethernet and Wi-Fi. Powering them off destroys forensic evidence we need. Isolate, do not kill.
Incident Response · Durban & South Africa
Under attack? We help you contain, investigate, and recover.
Every minute you wait, more damage gets done. We contain the breach, find out how it happened, and get you back to work. Fast.
If you are under attack right now
Three immediate actions. Nothing else.
Most damage during a breach happens in the first hour, done by people trying to help. Do these three things, then call us.
02. Call or WhatsApp us
WhatsApp +27 79 159 5040 or call 031 100 2613. We talk you through the next moves live. No need to be technical, we lead.
03. Photograph everything
Ransom notes, error messages, locked screens, popups. Photograph everything before it changes. Saves hours in the investigation.
Our response
Three phases. One goal. Back to work.
From the call to back online, we run the same playbook every time.
01
Phase one, contain (hours)
Stop the bleeding. We guide your team through isolation live. Remote support starts immediately, on-site in KZN if needed.
02
Phase two, investigate (1 to 3 days)
How did they get in? What did they touch? Any backdoors left behind? Forensic investigation gives you hard answers, not guesses.
03
Phase three, recover and harden
Remove malware and attacker access, close the holes they used, restore from clean backups. If POPIA notification is triggered, we guide that too.
What you get
A full response, not just first aid
We do not patch and leave. The job ends when you have answers, evidence, and a hardened business.
Rapid containment
Stop the spread inside hours. Live guidance from a real human, plus remote tools to lock things down while you coordinate staff.
Forensic report
Written timeline of the attack, entry point, scope, and evidence formatted for insurance claims or legal proceedings.
Malware eradication
Full removal of malware, ransomware, and persistence mechanisms, with verification that no backdoor is still hiding.
POPIA notification guidance
If personal data was touched, we walk you through POPIA obligations: what to report, to whom, by when, and how to word it.
The cost of waiting
Why speed actually changes the outcome
Every hour matters. The longer the breach runs, the more data moves and the bigger the recovery bill.
R2.2B
Lost to cybercrime in SA annually
Every uncontained hour adds more stolen data and more recovery cost. Speed is the cheapest defence on the table.
INTERPOL & University of Pretoria207 days
Average time to identify a breach
Globally, businesses take over 200 days to notice they have been compromised. Faster detection reduces the blast radius.
IBM Cost of a Data Breach ReportR10M
Maximum POPIA fine for breach failures
Failing to notify the Information Regulator after a breach can result in fines up to R10 million under POPIA.
POPIA, Section 107Common questions
Incident response FAQ
01 What should I do right after a cyberattack?
Disconnect affected devices from your network. Do not power them off, that destroys forensic evidence. Photograph ransom notes and strange alerts. Then WhatsApp or call us immediately. Do not try to fix it yourself first.
02 How fast can you respond?
Remote assistance starts immediately via WhatsApp or secure video call. First contact inside 2 to 4 hours during business hours. On-site response available in KZN for urgent cases.
03 Do I have to report a breach to regulators?
Under POPIA, if the breach touches personal information and creates a real risk of harm, you must notify the Information Regulator and the affected people as soon as reasonably possible. We guide that process as part of the response.
04 Can you recover ransomware files?
We identify the ransomware variant and check for a known decryption tool. We assist with recovery from clean backups. We strongly advise against paying ransoms, technical recovery is always tried first.
Contact us
Report an incident or set up a retainer
Under attack right now? WhatsApp first, it is the fastest. Use the form for retainers or proactive response planning.
WhatsApp (fastest)
+27 79 159 5040
Phone
031 100 2613
Address
21 Lighthouse Road, uMhlanga, KZN
After the dust settles
Prevent the next one
Once you are back online, the work is not done. Assess what they found, train your team, lock down POPIA. Cheaper than the next incident.