Incident response

IMMEDIATELY: 1) Call our emergency hotline. 2) DO NOT power off machines (wipes RAM and evidence). 3) Disconnect compromised systems from the network if possible. 4) Document everything you observe (timing, affected systems, evidence). 5) Do not delete logs or files. 6) Secure physical access to affected equipment. 7) Prepare to contact law enforcement if data is stolen. 8) Do not pay ransom without consultation.

With a retainer: pre-negotiated rates and guaranteed response SLAs (typically 20% discount vs. hourly). Without a retainer: we bill hourly ($200-400/hr depending on expertise) with 4-hour minimum for 24/7 emergencies. Retainers start at $500/month and provide priority response and pre-negotiated rates.

YES. Quebec's Law 25 requires notifying the CAI (Commission d'accès à l'information) for any incident posing risk of serious harm. You must notify affected individuals within 30 days. We guide you through all notifications, coordinate with law enforcement (RCMP, CAI) and manage communications with affected parties.

All evidence is preserved following legal chain-of-custody procedures for potential prosecution. We create forensic images of affected systems and store evidence securely. All data remains confidential. Reports are attorney-privileged when appropriate. Evidence can be provided to law enforcement as needed.

We identify the ransomware variant and coordinate with law enforcement (FBI/RCMP have decryption keys for some variants). We help you negotiate with ransom groups (if that's your choice, though it's not recommended). We establish systems to prevent re-infection and contain the threat. Data recovery depends on backups and the specific ransomware.

Containment: typically 2-6 hours for critical incidents. Investigation: 2-7 days depending on complexity. Eradication: 1-4 weeks depending on systems and artifacts. Full recovery: 2-8 weeks. Total timeline depends on incident severity, system count and backup availability. We provide estimates after initial assessment.