The Trigger
An active ransomware incident. 2,400 assets encrypted, a ransom demand issued, and data exfiltrated. Business operations completely crippled. The organisation called Theos.
The Environment
A major Philippine real estate and commercial group operating across a large on-premises and hybrid environment. No prior relationship with Theos. The call came during an active incident.
The Theos Approach
Incident Response
Theos activated incident response immediately. Forensic investigation identified patient zero within two weeks. The threat was contained, eradicated, and the full environment stabilised. Coverage continued through the Christmas period and into the New Year until the environment was confirmed clean.
Transition to Managed Security
In early January, the organisation engaged Theos on a long-term managed security contract. The programme covers TDR across assets, identity, cloud, and business applications; dark web monitoring; annual penetration testing; DFIR retainer; tabletop exercises and board briefings; and significant infrastructure hardening across collaboration and workspace environments.
"We called Theos during an active ransomware incident. Two weeks later the threat was contained. We have not used another security provider since."