Rapid Triage
Senior responder on a call within the hour. Stop the bleeding now.
What you get
Good for
Same-day, remote
From USD 2,500
Emergency Response
Already under attack? We respond in minutes.
Ransomware, a hijacked inbox, a drained wallet, a live intrusion — when the crisis is already unfolding, our senior responders engage within the hour. No retainer, no procurement, no waiting. Just containment, recovery, and a clear way out.
24/7 emergency hotline
+65 8023 7677
If any of this is happening right now, call us
We engage on active crises — even if we’ve never worked together before.
- Ransomware / systems encrypted
- Business email compromise & account takeover
- Live intrusion / unknown access
- Data breach, leak or extortion
- Crypto funds drained / smart-contract exploit
- DDoS / service taken down
- Insider threat / departing employee
- Lost or stolen device with access
What happens in the first hour
A predictable, calm process when everything feels like chaos.
- 1Minute 0
You reach out
Call the hotline or hit “Get help now”. 24/7, no existing contract needed.
- 2< 60 min
Triage call
A senior responder joins, scopes severity and blast radius, and tells you what to do — and what not to touch.
- 3First hour
Contain
Isolate affected systems, revoke access, block the attacker, pause what needs pausing — stop the bleeding.
- 4Day 1+
Eradicate
Hunt and remove attacker access, persistence and tooling across your estate.
- 5Day 1+
Recover
Bring critical operations back safely, rotate secrets, and verify you’re clean.
- 6Wrap-up
Report & harden
Root-cause, a board / regulator / insurer-ready report, and a roadmap so it doesn’t happen twice.
Response packages
Start with a rapid triage, escalate as the picture clears — or lock in a guaranteed response before the next incident.
Containment Sprint
A hands-on team evicts the attacker and restores critical operations.
What you get
Good for
3–7 days, remote / onsite
Custom
Full DFIR & Recovery
End-to-end forensics and recovery, with a report that holds up under scrutiny.
What you get
Good for
1–4 weeks, blended team
Custom
Response Retainer
Lock in a guaranteed response time before the next incident hits.
What you get
Good for
Annual, on standby
From USD 12,000/yr
Fixed prices are starting points for typical scopes. Live incidents are billed transparently against an agreed rate once we’ve triaged severity — you’ll always know the cost before we escalate.
Response add-ons
Web3 / On-chain Response
Trace stolen funds, engage exchanges and bridges, pause or upgrade contracts, and coordinate white-hat recovery.
Ransomware Negotiation Support
Threat-actor assessment, decryptor validation, and negotiation guidance alongside your legal team and insurer.
Legal & Regulator Liaison
Breach-notification timelines (GDPR / PDPA), defensible evidence handling, and coordination with counsel.
Crisis Communications
Holding statements, customer and partner comms, and internal messaging when every word is under pressure.
Cyber-Insurance Coordination
Work directly with your insurer or broker on claims, panel requirements and documentation.
Threat Intel & Attribution
Actor profiling, IOC sweeps across your estate, and dark-web exposure checks.
Compare response packages
| CAPABILITY | RAPID TRIAGE | CONTAINMENT SPRINT | FULL DFIR | RETAINER |
|---|---|---|---|---|
| Response time | < 60 min | Same-day | Same-day | < 60 min SLA |
| Engagement model | Remote | Remote / onsite | Blended team | On standby |
| Containment & eviction | Guidance | Yes | Yes | Priority |
| Digital forensics | Triage | Triage | Full | Per incident |
| Recovery support | Advisory | Critical systems | Full | Per incident |
| Formal report | Summary | Incident report | Regulator-grade | Per incident |
| Hardening roadmap | — | Light | Full | Included |
| Pricing model | Fixed | Custom | Custom | Subscription |
FAQ
We’re not an existing client — can you still help?
Yes. Emergency Incident Response is built for exactly that. Call the hotline or submit the form and we triage immediately — remote containment can start the same day, with no prior contract.
How fast can you start?
A senior responder joins an emergency call within 60 minutes, 24/7. Retainer clients get a guaranteed 1-hour SLA and priority onboarding because we already know their stack.
What should we do right now, before you join?
A few things that protect your options:
- Don’t power off or wipe affected machines — you’ll destroy evidence.
- Isolate them from the network instead.
- Preserve logs and avoid tipping off the attacker.
We’ll guide the rest on the first call.
Do you work with our lawyers, insurer and regulators?
Yes. We coordinate with counsel, cyber-insurance panels and regulators, and our reports are built to withstand their scrutiny.
Can you handle Web3 / crypto incidents?
Yes. We trace stolen funds, engage exchanges and bridges, pause or upgrade contracts where possible, and coordinate white-hat recovery.
What happens after the incident?
You get a root-cause report and a prioritized hardening roadmap. Many clients then move onto our Monitoring, SOC or vCISO services so the next one never lands.
Every minute counts. Let's contain it.
Senior responders in under an hour
Contain, evict and recover — fast
Senior responders in under an hour
Contain, evict and recover — fast
Evidence preserved for legal & insurers
Hardening so it doesn't happen twice