Try this first
- 1Step 1: Do not power off, do not reboot, do not 'just try something'. Memory data is valuable for investigation.
- 2Step 2: Take photos or screenshots of what you see. Time, screen, prompts. Does not have to be perfect.
- 3Step 3: Pull the network cable or turn off Wi-Fi. Device stays on, but no longer communicates externally.
- 4Step 4: Call your IT contact or vendor. Not via email from the suspect device, call from a phone or different device.
- 5Step 5: Write down who did what when. Simple log: 'at 14:32 X saw this'. Helps later investigation.
When to bring us in
Actually suspicious activity (strange processes, ransom prompts, unknown remote tools): we come look immediately. Do not wait until you 'figure it out yourself'. The first two hours are worth gold.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.