GET EMERGENCY HELP NOW!

Are you currently experiencing a data breach or ransomware attack? Call Us Now!
We are available 24/7

If you are not currently under attack,
bookmark this page and save our
emergency number: 866-952-9372 extension 9

Acting quickly in response to a data breach is crucial to prevent further damage and minimize the impact on affected individuals and organizations. The first steps you take and how quickly you take them will drastically alter the level of success you have in recovering from the attack.

Take These Steps Immediately Before Doing Anything Else

PHASE 1: STOP, breathe, and analyze the situation

  1. DO NOT communicate with the attacker regardless of the threats they pose or offers they make. Time is your only advantage and keeping the attacker in the dark will buy you valuable time.
  2. Record all details of the communication from the attacker, including the message on the affected machine(s), any emails received and sent, and any .TXT files. DO NOT click any links or download any attachments.
  3. Send all details to your in-house or outsourced IT team, and your 3rd party cybersecurity services provider like 13 Layers.
  4. Call the 13 Layers team on our emergency response line at 866-952-9372 extension 9
Call Now

PHASE 2: Detection and Containment

Isolate the affected system(s) to prevent the malicious traffic or malware from spreading to other systems.

  1. Disconnect the infected devices from the network and disable any wireless connectivity, such as Wi-Fi and Bluetooth.
  2. DO NOT power them down to retain any necessary artifacts or evidence that our forensics may need.
  3. If several systems or subnets are affected, take that segment off the network at the switch level. If that is not possible, disconnect each individual system from the switch itself.
  4. After an initial compromise, malicious actors may monitor an organization’s activity to assess whether they have been detected. It’s important to isolate systems in a coordinated manner and use off-network communication methods like cell phones that aren’t connected to wifi and in-person meetings to avoid alerting the attackers. Failure to do so could cause even more problems.
  5. If your IT team is struggling with these steps, be sure to engage our Emergency Response Team immediately via phone at 866-952-9372 extension 9
Call Now

PHASE 3 – Protecting existing systems

If you’re experiencing an active ransomware attack, there are further steps you need to take to contain the attack.

  1. If you have online backups, consider disconnecting them from the network until you are sure the infection is contained.
  2. Suspend privileged and local accounts that you suspect are part of the attack.
  3. Stop any remote login sessions.
  4. Reset any compromised user accounts, including any shared local accounts and request the user to login again and activate any two-factor or multi-factor authentication. If you don’t do this, the attacker may still have persistent access to the token behind the user credentials and a password reset will be useless.
Call Now

PHASE 4 – Notify staff and stakeholders

If your organization’s email has been compromised (referred to as a a Man-In-The-Middle attack), notifying employees via an all hands meeting or via cell phone or text message is advised to avoid tipping off the attackers.

  1. Notify staff to prevent users from logging into any impacted systems.
  2. Notify the executive team and implement your existing incident response plan. If you don’t have one, immediately engage our Emergency Response Team via phone at 866-952-9372 extension 9 

Call Today

PHASE 5 – Request specialized help

  1. Engage a professional cybersecurity incident response firm with an in-house Emergency Response Team like 13 Layers. Local IT companies do not have this capability.
  2. Contact your local FBI or US Secret Service field office. Only do this if you don’t have access to a firm like 13 Layers that has direct internal connections with the FBI, NSA and CISA.
Call Now

PHASE 6 – 13 Layers to the rescue!

  1. The moment we pick up your phone call, we go to work for you. We recommend calling us at the beginning of Phase 1 above or at any other point as every minute counts.
  2. We will immediately build out a custom threatINTELLIGENCE appliance and ship it to your location within 48 hours of our phone call. Once threatINTELLIGENCE is in place, that entire segment of the network will be isolated and protected.
  3. We will then continue to lead you through the above process regardless of what point you are at to:
    • Isolate and contain the infection
    • Identify the source
    • NOT pay the ransom
    • Recover as much data as possible.
    • Prevent this from ever happening again
Call Now
Phase 1

PHASE 1: STOP, breathe, and analyze the situation

  1. DO NOT communicate with the attacker regardless of the threats they pose or offers they make. Time is your only advantage and keeping the attacker in the dark will buy you valuable time.
  2. Record all details of the communication from the attacker, including the message on the affected machine(s), any emails received and sent, and any .TXT files. DO NOT click any links or download any attachments.
  3. Send all details to your in-house or outsourced IT team, and your 3rd party cybersecurity services provider like 13 Layers.
  4. Call the 13 Layers team on our emergency response line at 866-952-9372 extension 9
Call Now
Phase 2

PHASE 2: Detection and Containment

Isolate the affected system(s) to prevent the malicious traffic or malware from spreading to other systems.

  1. Disconnect the infected devices from the network and disable any wireless connectivity, such as Wi-Fi and Bluetooth.
  2. DO NOT power them down to retain any necessary artifacts or evidence that our forensics may need.
  3. If several systems or subnets are affected, take that segment off the network at the switch level. If that is not possible, disconnect each individual system from the switch itself.
  4. After an initial compromise, malicious actors may monitor an organization’s activity to assess whether they have been detected. It’s important to isolate systems in a coordinated manner and use off-network communication methods like cell phones that aren’t connected to wifi and in-person meetings to avoid alerting the attackers. Failure to do so could cause even more problems.
  5. If your IT team is struggling with these steps, be sure to engage our Emergency Response Team immediately via phone at 866-952-9372 extension 9
Call Now
Phase 3

PHASE 3 – Protecting existing systems

If you’re experiencing an active ransomware attack, there are further steps you need to take to contain the attack.

  1. If you have online backups, consider disconnecting them from the network until you are sure the infection is contained.
  2. Suspend privileged and local accounts that you suspect are part of the attack.
  3. Stop any remote login sessions.
  4. Reset any compromised user accounts, including any shared local accounts and request the user to login again and activate any two-factor or multi-factor authentication. If you don’t do this, the attacker may still have persistent access to the token behind the user credentials and a password reset will be useless.
Call Now
Phase 4

PHASE 4 – Notify staff and stakeholders

If your organization’s email has been compromised (referred to as a a Man-In-The-Middle attack), notifying employees via an all hands meeting or via cell phone or text message is advised to avoid tipping off the attackers.

  1. Notify staff to prevent users from logging into any impacted systems.
  2. Notify the executive team and implement your existing incident response plan. If you don’t have one, immediately engage our Emergency Response Team via phone at 866-952-9372 extension 9 
Call Now
 
Phase 5

PHASE 5 – Request specialized help

  1. Engage a professional cybersecurity incident response firm with an in-house Emergency Response Team like 13 Layers. Local IT companies do not have this capability.
  2. Contact your local FBI or US Secret Service field office. Only do this if you don’t have access to a firm like 13 Layers that has direct internal connections with the FBI, NSA and CISA.
Call Now
Phase 6

PHASE 6 – 13 Layers to the rescue!

  1. The moment we pick up your phone call, we go to work for you. We recommend calling us at the beginning of Phase 1 above or at any other point as every minute counts.
  2. We will immediately build out a custom threatINTELLIGENCE appliance and ship it to your location within 48 hours of our phone call. Once threatINTELLIGENCE is in place, that entire segment of the network will be isolated and protected.
  3. We will then continue to lead you through the above process regardless of what point you are at to:
    • Isolate and contain the infection
    • Identify the source
    • NOT pay the ransom
    • Recover as much data as possible.
    • Prevent this from ever happening again
Call Now

ARE YOU EXPERIENCING A CYBERSECURITY EMERGENCY? CALL US TODAY!
866-952-9372 extension 9

Managed Cybersecurity Testimonials

{

We called him (Justin) from our car and he answered right away. He put a team together after an hour and a half. The task force from 13 Layers were on top of it and they took care of us before we even had the time to speak about money. The way they approached the [process], I was sure that it would cost us much more than that…. We were able to come back to normal operations within a couple of days, and the way they handled it was amazing. It’s rare to see anybody be able to react almost immediately. We hadn’t even taken care of any money or signed anything yet, and I came in the next morning and these guys from Kentucky were already going! The box was here within 48 hours. We were able to come back to normal operations within a couple of days, and the way they handled it was amazing.   Full Video Review Here

5
Owner
International Sign Company
{

We are honored to recommend 13 Layers to provide cyber threat security.  They have been providing outstanding service to our organization for the past three years.  The protection of cyber threats to any organization is critical to the day-to-day business and to protect data and resources. The threats are continual, and 13 Layers stops the attempted breaches on a daily basis. We have never had a breach. We trust them emphatically for our security requirements.  We unequivocally recommend you select 13 Layers as your cyber security company.

5
Major
United States Government
{

Our company was cyber-attacked with a very sophisticated Banking Trojan Virus.  The virus attempted to gain access to our servers through our individual PC’s.  Once deployed, it was a battle for 120 straight hours to protect our data.  FINALLY,  one of our staff members pulled me aside and his exact words, “this will require a level of expertise that will far exceed 98% of the industry people you will find to rectify this issue, but I know a company in that 2% and they called 13 Layers.” Immediately, I made the call to 13 Layers at 10:00 pm at night. Within the hour, the 13 Layers team were remotely logged in working on the issue.  Within 4 hours, our main threat had been limited. It didn’t take a rocket scientist to know why. I immediately hired 13 Layers. The industry knowledge, accessibility, detailed reports, and thorough explanation put my mind at ease.  I truly owe a lot more than just the bill I received from 13 Layers.

5
President
National Finanical Institution

13 Layers Cybersecurity Newsletter

What’s new and what’s hot. The latest threat intelligence from around the industry.