You’ve been hacked, or maybe you’re not sure?
The next steps you take will be vital! The RACK911 Labs Incident Response Team is on standby to help respond to any threats and help contain the damage before it’s too late.
Respond & Assess
As soon as we are given access to the compromised server, we start by locking everything down to ensure the attacker(s) are no longer able to interfere with the server. In a lot of cases, we even completely disable remote access and require a secure connection over KVM and/or VPN.
Once we are confident that no one else is able to access the server, we begin the process of preserving data and gathering system logs. Even though we never fully trust system logs as they can be tampered with, they can still help us get a better understanding of what was happening leading up to the incident and also what has occurred afterwards.
Contain & Recover
We’ll find the point of intrusion and make any necessary changes to ensure that it doesn’t happen again. Were any files modified? Were any backdoors or malware installed? These will all turn up during our forensic audit and help us develop an effective recovery plan.
After any compromised data has been restored and we are confident that your server is in a secure state, our team will discuss their findings with you. There’s always room for improvement, and we will certainly outline any shortcomings and, most importantly, the changes we recommend to prevent further security incidents.