We're being attacked right now — what do we do first?

(1) Do NOT pay the ransom before talking to us. (2) Do NOT wipe or reboot affected machines — we need forensic state. (3) Isolate affected machines from the network (unplug LAN, disable Wi-Fi) but KEEP THEM POWERED ON. (4) Call our 24/7 hotline +60 17-355 5725 — we respond within 4 hours. Every minute of delay = more encryption + more lateral spread.

How fast can you respond?

4-hour response SLA for Klang Valley (KL/PJ/Selangor) — engineer on-site or remote connected within 4 hours of your call. Other Peninsular Malaysia cities: 8-hour SLA with remote engagement starting within 1 hour. East Malaysia: same-day remote, next-day on-site.

Will I have to pay the ransom?

Usually no. Our approach prioritises restoring from backups, rebuilding from snapshots, and using known decryptors (NoMoreRansom.org coalition, vendor-specific decryptors). We only advise negotiation as a last resort — and if so, through a reputable broker, never directly. Paying funds criminal groups, triggers OFAC issues, and has a ~65% data-return rate at best.

What's included in the engagement?

Phase 1 (Hours 1-4): isolation + triage. Phase 2 (Days 1-3): forensic analysis, indicator of compromise identification, scope determination. Phase 3 (Days 3-7): recovery — backup restore, clean rebuilds, credential rotation. Phase 4 (Weeks 2-4): hardening — patches, MFA rollout, EDR deployment, policy updates. Phase 5: PDPA breach notification guidance (if applicable) + insurance documentation.

Do you work with cyber insurance carriers?

Yes. We coordinate with AIG, Allianz, Zurich, Chubb, Lonpac, and local insurers on incident response coverage. Full documentation of engagement hours, IOCs, recovery steps, and chain-of-custody for any evidence handed to authorities (CyberSecurity Malaysia, MCMC, PDRM Cyber Crime unit).

Tier 1 (SME triage, 10-30 endpoints): RM15,000-25,000 flat for containment + guided recovery. Tier 2 (mid-size incident, 30-100 endpoints): RM25,000-50,000 including forensics + rebuild. Tier 3 (enterprise or data exfiltration confirmed): RM50,000-80,000+ including negotiation support and regulatory reporting. All tiers include 30-day post-incident monitoring.

What about PDPA breach notification?

Under PDPA 2024 amendments (effective June 2025), personal-data breaches must be notified to the Commissioner within 72 hours. We prepare the notification pack: incident timeline, affected data categories, number of affected data subjects, containment measures, and remediation plan. We also advise on data subject notifications where required.

After recovery — what prevents this from happening again?

Hardening package (included in Tier 2+): MFA everywhere, EDR rollout (Defender/CrowdStrike), email filter tuning, patch cadence enforcement, immutable backups (air-gapped), network segmentation, and tabletop exercises. Optional ongoing managed SOC retainer from RM15,000/mo — see our SOC-as-a-Service page.

017-355 5725

Mon-Fri 10AM-7PM

Sunway HQ (Cyberjaya Temporarily Closed)

Under attack right now?Call +60 17-355 5725 — 24/7 hotline

Malaysia Emergency Incident Response · 24/7

Ransomware RecoveryMalaysia · 4-Hour Response

Ransomware attack in progress? Immediate incident response for Malaysian SMEs. Isolation within the hour, forensic investigation, data recovery, regulatory reporting, and post-incident hardening. Don't pay the ransom — talk to us first.

Call Emergency Hotline WhatsApp Emergency

4 hours

Response SLA

24/7

Hotline

Known toolkit

Decryption rate

RM15K

From

First 60 minutes matter most

What you do in the first hour determines whether we can recover your data without paying.

Do NOT

✕DO NOT pay the ransom before we assess
✕DO NOT wipe or reinstall affected machines
✕DO NOT reboot encrypted machines
✕DO NOT delete ransom notes or malware files
✕DO NOT connect USB drives or personal devices
✕DO NOT ignore — 72h PDPA notification clock starts at awareness

Do This Now

Unplug LAN cable + disable Wi-Fi on affected machines
Keep machines powered ON (preserves forensic state)
Call our 24/7 hotline: +60 17-355 5725
Photograph ransom notes with a phone
Identify who has backup admin credentials
Gather list of recently opened attachments/links

Our 5-phase recovery framework

Proven SANS-aligned incident response playbook adapted for Malaysian SMEs.

Phase 1Hours 1-4

Isolation + Triage

Network isolation, affected scope determination, threat actor identification, backup state verification.

Phase 2Days 1-3

Forensic Investigation

Indicator of compromise analysis, initial access vector, lateral movement mapping, data exfiltration assessment.

Phase 3Days 3-7

Recovery + Rebuild

Clean rebuild of affected systems, restore from verified backups, credential rotation, MFA enforcement.

Phase 4Weeks 2-4

Hardening

Patch cadence, EDR deployment, email security tuning, immutable backups, network segmentation, policy updates.

Phase 5Ongoing

Regulatory + Insurance

PDPA breach notification prep, cyber insurance documentation, CyberSecurity Malaysia + MCMC reporting where required.

Request a response engagement

For active attacks, call the hotline first. This form is for post-incident hardening or tabletop exercises.

Get Your Free Quote

Fill in your details and we'll respond within 2 hours.

Quote Preview

Completion0%

Response within 2 hours

Frequently asked questions

Prevent the next attack

Post-recovery, enroll in our 24/7 SOC-as-a-Service. MDR, threat hunting, and real-time alerting from RM15K/mo.

Emergency: 017-355 5725 See 24/7 SOC Services

Ransomware RecoveryMalaysia · 4-Hour Response

First 60 minutes matter most

Do NOT

Do This Now

Our 5-phase recovery framework

Isolation + Triage

Forensic Investigation

Recovery + Rebuild

Hardening

Regulatory + Insurance

Request a response engagement

Get Your Free Quote

Quote Preview

Frequently asked questions

We're being attacked right now — what do we do first?

How fast can you respond?

Will I have to pay the ransom?

What's included in the engagement?

Do you work with cyber insurance carriers?

What does it cost?

What about PDPA breach notification?

After recovery — what prevents this from happening again?

Prevent the next attack

Ransomware RecoveryMalaysia · 4-Hour Response

First 60 minutes matter most

Do NOT

Do This Now

Our 5-phase recovery framework

Isolation + Triage

Forensic Investigation

Recovery + Rebuild

Hardening

Regulatory + Insurance

Request a response engagement

Get Your Free Quote

Quote Preview

Frequently asked questions

We're being attacked right now — what do we do first?

How fast can you respond?

Will I have to pay the ransom?

What's included in the engagement?

Do you work with cyber insurance carriers?

What does it cost?

What about PDPA breach notification?

After recovery — what prevents this from happening again?

Prevent the next attack