Welcome to Emergency Response
This tool is designed for Laymen, Students, and SME Owners who do not have an internal IT staff to call during a security breach.
If you have no budget and no IT staff, your priority is stopping the damage, not preserving evidence for court.
How to use this app:
- Use the menu buttons above to navigate through the phases of an attack.
- Follow the steps in order.
Phase 1: Immediate Containment
Do this immediately. Every second counts.
Step 1: Pull the Plug
Do not shut down the computer yet. Physically disconnect the internet.
- Unplug the Ethernet cable.
- Toggle the Wi-Fi switch off.
- If unsure, turn off the main office/home Router to kill internet for the building.
Step 2: Photograph Evidence
Use your mobile phone. Take clear photos of:
- Ransom notes.
- Error messages.
- Suspicious pop-ups.
Reason: You need this info later, but you don't want to touch the infected keyboard.
Phase 2: The Decision Fork
You must choose a path based on your Budget and Data Value.
Scenario A: Insured
You have Cyber Insurance.
ACTION: Stop everything. Call your insurance hotline immediately. Do not try to fix it yourself or you void the claim.
Scenario B: Critical Data
No insurance, but data is worth $$$ (Client info, IP).
ACTION: Hire an external MSSP (Managed Security Service Provider). Do not go to a local PC repair shop.
Scenario C: Scorched Earth
No insurance, no budget, just need the PC back.
ACTION: Proceed to Phase 3 (DIY Recovery). Accept that current data on the drive may be lost.
Phase 3: The "Scorched Earth" Recovery
Strictly for Scenario C only (no budget, DIY approach).
Step 1: The "Nuke and Pave"
Antivirus is often not enough. You must wipe the drive.
- Get a clean computer and a USB drive.
- Download Windows/macOS installer to the USB.
- Boot the infected PC from the USB.
- Format/Delete the hard drive partitions.
- Reinstall the OS fresh.
If asked for a key, click "I don't have a product key." Windows usually reactivates automatically once it connects to the internet (Digital License).
Step 2: The Safe Restoration Protocol
A. Files (Docs, Photos, PDFs)
- Plug in your backup drive, but do not open files yet.
- Right-click the drive -> "Scan with Microsoft Defender".
- Only copy files after the scan says "0 Threats Found."
B. Programs (Word, Chrome, Zoom)
- NEVER restore programs from backup.
- ALWAYS download fresh installers from the official websites.
1. Full System Images:
Do not use "Restore/Recover Computer." This will put the virus back.
Instead, use your backup software to "Mount" the image as a drive. Open it like a folder, grab only your documents, and ignore the rest.
2. Bookmarks & Saved Passwords:
DANGER: Do not manually copy "AppData" or "Library" folders. Viruses hide there.
Safe Method: Sign in to your browser (Chrome/Edge) on the clean PC. If you had Cloud Sync active, your data will reappear safely. If not, accept the loss; it is better than being hacked again.
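The selective-restore rules above (documents only, no programs, no "AppData" or "Library" folders), sketched as an added Python example that is not part of the original guide. The extension allow-list and the function names are assumptions chosen for illustration, and the filter runs after the Microsoft Defender scan, not instead of it.

```python
import shutil
import tempfile
from pathlib import Path

# Assumed allow-list of plain document/photo types. Programs, scripts and
# macro-enabled Office files (.docm, .xlsm) are deliberately absent.
SAFE_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg", ".jpeg", ".png"}
# Folders the guide says never to copy by hand.
SKIPPED_DIRS = {"appdata", "library"}

def plan_restore(backup_root: Path):
    """Split files under backup_root into (to_copy, left_behind) relative paths."""
    to_copy, left_behind = [], []
    for path in sorted(backup_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(backup_root)
        in_skipped_dir = any(part.lower() in SKIPPED_DIRS for part in rel.parts[:-1])
        # Only the final extension counts, so "invoice.pdf.exe" is left behind.
        if in_skipped_dir or path.suffix.lower() not in SAFE_EXTENSIONS:
            left_behind.append(rel)
        else:
            to_copy.append(rel)
    return to_copy, left_behind

def restore(backup_root: Path, dest_root: Path):
    """Copy only the allow-listed files, keeping the folder layout."""
    to_copy, left_behind = plan_restore(backup_root)
    for rel in to_copy:
        target = dest_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_root / rel, target)
    return to_copy, left_behind

def demo():
    """Build a constructed sample backup in a temp folder and restore from it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, clean = Path(tmp, "backup"), Path(tmp, "clean")
        for name in ["Documents/report.docx", "Documents/invoice.pdf.exe",
                     "Photos/trip.JPG", "AppData/Roaming/notes.txt",
                     "Documents/budget.xlsm", "Downloads/setup.exe"]:
            f = backup / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample content")
        copied, skipped = restore(backup, clean)
        return [p.as_posix() for p in copied], [p.as_posix() for p in skipped]

if __name__ == "__main__":
    print(demo())
```

Review the left-behind list before discarding the backup: anything on it that you still need should be recreated or re-downloaded, not copied across.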
Step 3: Post-Recovery Checklist
Cyber Insurance in Hong Kong
In Hong Kong, "Laymen" and SMEs have specific options tailored to low budgets.
For Individuals (Personal)
Focuses on: Online Shopping Fraud, Identity Theft, Ransomware Extortion.
- Standard Chartered / Allianz: Often ~HK$25-30/month. Good for general personal protection.
- Zurich CyberSide: Includes support for cyberbullying and data restoration.
- AIG Personal Cyber: Often covers unauthorized e-wallet transactions.
For SMEs (Business)
Focuses on: Data Liability, Business Interruption, and Incident Response Hotline.
- HKBN (Hong Kong Broadband Network): Often bundles free/cheap AXA insurance with business broadband plans. Check your contract!
- Chubb SME: Known for having a strong, dedicated Incident Response team you can call 24/7.
- OneDegree: Virtual insurer offering modern plans for digital assets and tech-focused SMEs.