Cybersecurity Response Services
Professional Incident Recovery & Ransomware Response
Cyber attackers will gain access to and remain embedded on an insecure system for months while remaining undetected. Using their covert presence, they'll begin to siphon off data while mapping out the network and stealing credentials to further embed themselves in the technological assets. When facing an actor that has breached past the existing security defenses of an organization, the response must be swift and whole. Unfortunately, most breaches are only made aware of upon the discovery of data loss, ransomware, financial or crypto theft, or blackmail.
A cyberattack can bring an entire business to a halt;
Response time is critical to a successful recovery.
Molloy DSG takes a proactive approach to this reactionary state, determining the root cause, mitigations, and potential culpability. The fact is, in 2025 no organization has an excuse for being breached; mitigations exist to harden all the common attack vectors. Response to an event and the mitigations in place after are of equal importance.
Intrusion response is comprised of a playbook that can be summed up as a wholistic approach. Molloy DSG takes the appropriate steps to ensure the highest likelihood of recovery with minimal downtime.
What goes into ransomware response?
- Isolate affected nodes from each other, and affected network from the internet
- Notify appropriate departments (treasurer/accounting, HR, executive, etc.)
- Determine the highest permissions available to the attacker
- Further examine the depth of intrusion and take countermeasures where necessary
- Determine affected configuration, snapshot, and user data availability
- If ransomware'd, determine if necessary to fulfill ransom
- Save logfiles for forensic examination to determine breach scope and root causes
- Take action to wipe and restore any devices critical to core functionality
- Restore snapshots of servers and core operating environments
- Reprovision all client devices and anything downstream
- Verify access provisionings for all tertiary services and providers
- State of information technology system must be verified as safe before going online
- Root cause must be determined and mitigation put in place
Network and system intrusions must be delt with immediately and all data kept for examination to determine several factors such as the vector and method of attack, evidence of exfiltration, chances of a remaining infection, accesses to external or subsidiary services, access or exfiltration of any data, and to assess any damages to data in the system. Without a proactive approach, a second attack could take a business out for good.
Don't risk millions of dollars and years of progress;
Ensure the keys to business survival are in place.
With cloud computing platforms like Azure becoming more popular among businesses, infrastructure security is often taken for granted. Without a physical plug to rip from the wall during a hack, any server administrator must resign themselves to some level of complicity in trusting the provider's security mechanisms that are in place are good enough to protect production data and environments, and very importantly, data backups. Cold storage backups are not as common as in the olden years; no longer does an admin put a tape in the safe every Friday. Blind trust in cloud services not to ever be compromised or available can be a root cause for a cybersecurity event that can instantly wipe an organization off the map.
Hackers work night and day attempting to infiltrate;
That potentially means "fine today, gone tomorrow."
In 2025 there is less risk of being hacked when systems are designed toward best-practice standards. With that in mind, there's a substantial value to having that tape drive backup in place anyway. We also exist in the age of machine learning, which poses a whole new level of attacker that can work more fiercely than ever before to breach a system. Reduce the element of substantial risk to business data by identifying and eliminating liabilities and implementing a solid disaster recovery plan.
AI toolkits are now leveraged by hackers;
The next generation of adversary is here.
Is your organization safe from the threat of a targeted attack? Adversarys use advanced techniques on their targets, such as leveraging AI to quickly gain a maximum amount of data about a target or utilizing an adaptive approach to the infiltration process to more expediciously gain access to a system. AI is used in the generation of phishing campaigns, allowing for more sophisticated and personalized attacks. The amount of information out there on the dark web about normal people that is available to adversarial actors is massive and unsurprising; thus, the personalization of the attacks can be downright creepy. It's important for a team to cross-train on identification of out-of-process targeted phishing attempts in order to reduce this liability.
Phishing emails now account for 1.2% of all email traffic;
Phishing test failure rates can be as high as 1 in 5!
Even without phishing an organization, an attacker can gain access from other ways such as via vulnerabilities in services exposed on the internet, through a PDF virus exploit, or countless other means. MDSG can talk about the various standard intrusion vectors all day.
Feel safe running on bad IT decisions?
These are common compromise scenarios:
- Brute-forcing exposed devices or services
- Scanning for vulnerabilities exposed to the internet
- PDF exploit containing trojan software
- The old reliable parking lot thumb drive
- Personal devices connected to infrastructure
- Exploit via a mobile device
- Socially-engineered access elevation
- Via access to an insecure shared credential
- Using a keylogger on an outside associated device
- By way of a compromised internal software library
- By way of an outsider with a USB drive
- Via use of a "forgotten" internal device
- Via a relationship with an insider
- Rouge employee access scheme sabotage
- The ways are virtually endless
Are you recovering from a security event?
Use survival as the catalyst for change.
The first thing most decisionmakers would like to do in a cybersecurity response situation is to ask the incumbent MSP to do a post-mortem report which presents a conflict of interest that will ruin any subsequent investigations. It's important the managed services provider is not made aware of the intent to utilize a third party for the incident review and discovery phase. Armed with the knowledge an investigation is coming, an MSP team can more quickly pivot on the opportunity to scrub logs and create a narrative in their favor. Simply put, the MSP becomes a liability in a hack; have them restore the environment and fire them. Molloy DSG can help with this process and ensure the proper termination procedure is followed, provide absolute guidance toward securing the environment, and screen and hire a new long-term and fully competent MSP partner of your choice.
Full MSP termination services available:
Non-interruptive transition capability;
Credential and systems handoff;
Systems availability verification;
MDSG offers an interim MSP service;
We even handle delivering news of termination.
Available by direct referral only.