24x7 Incident Response

Activate experienced, local cyber incident response specialists to investigate and eradicate cyber threats.
Contact Us

Kroll Cyber Risk experts respond to over 3,000 cybersecurity events every year. We manage incidents of all types, complexity and severity for a wide range of organisations and industries in Singapore, Hong Kong, across Asia and worldwide. Companies from all over the world rely on our unique frontline experience, not only in response to a crisis, but also for proactive planning and mitigation strategies. Kroll’s Cyber Risk team has been recognised as a top service provider, preferred by major cyber insurers. We also offer client-friendly response retainers for peace of mind.

Quick and Efficient Deployment via Onsite and Remote Incident Response Capabilities

Whether it is an accidental data exposure or a malicious cyberattack, Kroll’s Cyber Risk team can respond immediately. Our global network of certified security and digital forensic experts can deploy remote solutions or be onsite within hours to help clients contain the situation and determine next steps. 

Kroll is a world leader in cybersecurity, digital forensics and data breach response services. We offer end-to-end assistance to allow clients to make informed decisions at every stage, from proactive preparation to customer notification and remediation. We work alongside our clients’ counsel and insurance carriers to smoothly guide them toward recovery. Our goal is to leave organisations in the best defensible position, with their reputations intact and minimal disruption to their everyday operations. 

Common Threats Addressed by Our Incident Response Team

Business Email Compromise and Wire Fraud

Insider Threats and Accidental Data Loss

Advanced Persistent Threats (APT)

Third Party and Vendor-Related Risks

Malware, Keyloggers, and Backdoors

Cryptocurrency Theft


Targeted Intellectual Property Theft

Payment Card Fraud (PCI/PFI)

Web Application Attacks and Password Theft

Kroll Offers a Range of Cyber Incident Response Services to Meet Any Need


  • Malware and Advanced Persistent Threat Analysis and Remediation: Kroll’s forensic examiners analyse malware to determine the breadth and scope of its impact on any organisation’s systems.
  • PHI and PII Identification: Our team provides clients with a master notification list that clearly identifies what types of PHI and PII have been exposed. This helps organisations avoid costly over-notification while still providing targeted notification and remediation services to those affected.
  • Data Breach Notification and Remediation Services: In the event of a data breach, Kroll helps clients to protect their reputations and maintain trust with impacted customers by providing an appropriate and proportional response.
  • Incident Remediation and Recovery Services: Expedite system recovery and minimise business disruption, with services including device and server reimaging, active directory rebuilding, network segmentation, hardware upgrades or replacements, patch management and network hardening.
  • Strategic Communications: Kroll offers a full suite of strategic communications support for incident response, preparedness, and training to help clients navigate all the risk and reputational landmines caused by a cyber crisis.
  • Malware Analysis and Reverse Engineering: Our in-depth technical analysis of both benign and malicious code helps organisations better understand any code-related incident. 

Benefit From Client-friendly Incident Response Retainers

  • Offered for both proactive and reactive services
  • No loss of money at the end of contract term
  • No required use of Kroll’s proprietary tools or applications
  Start Now



  • Clear terms with no automatic renewals or price accelerations
  • Includes Kroll’s core data response capabilities (e.g., Notification, Call Center, Monitoring and Consumer Restoration)
  • Key relationships with some of the largest cyber insurance underwriters in the world
Kroll in Action

Gmail Phishing and Ransomware Distribution

Location: Singapore office of a software development company

Brief: A software development company engaged Kroll to investigate one of their computers, which the IT department suspected to be infected by malware. The investigation scope was to check for

  • the presence of malware
  • the existence of any keylogger/remote control client software
  • links or evidence of external cloud storage use
  • compromise of MS Outlook
  • any other evidence of possible external attack
How Kroll Resolved The Problem


To preserve the evidence, the laptop was brought back to the lab for analysis and forensically imaged. To begin, we checked if there was live malware activity or unauthorised software on the computer. After forensically imaging the disk and memory, we checked for any trace of malware activities in .exes, DLLs and running processes and inspected the emails and other artefacts.

Virtualisation and network traffic monitoring were also used. Results showed that no “live” malware was running on the system. 

We then extracted and inspected emails and internet artefacts such as cloud storage activities, as the client had highlighted these to us as showing evidence of “hacking” activity. Again no “live” malware existed on the system, but malware was detected in an email attachment.

With further examination, we found that the email was a phishing attempt containing Zeus malware not created by the user of the computer. Further examination showed that the email malware was set up to download ransomware onto the victim’s computer.



With further examination of the malicious email, we found that the malicious email contained two phone numbers in the personal email signature of the user of the computer. Prior to the malicious email being sent, our client also received a “signed-in notification” from Google, which alerted our client that the account was signed in to from another country. These characteristics were identified as similar to a recent series of complex Gmail phishing activities occurring worldwide.

As in similar cases, the client had received a Gmail phishing email, clicked on it and then entered their username and password as requested. This phishing activity provided the hackers with access to the client’s Gmail account. The perpetrators then read emails and targeted several email recipients with specific emails claiming to be invoices in attachments. These attachments contained a type of malware (Zeus) which downloaded further ransomware, in turn encrypting the recipient’s computer.

Kroll was ultimately able to demonstrate that the client had been a victim of this Gmail phishing attack and that their account was being used to stage attacks and send ransomware to further clients.


Fortify Your Response Capabilities

Cyber threats are becoming exponentially more common and sophisticated. Our incident response and digital forensics team’s frontline experience can provide companies with a multifaceted and confident response anywhere, anytime. 

Talk to a Cyber Expert

Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.

Frequently Asked Questions

Cyber incident response is the process of responding to, managing and mitigating cyber security incidents. Its goal is to limit the damage and disruption caused by cyber-attacks and, where necessary, to restore operations as quickly as possible. When an organisation is impacted by a cyber security breach, a clear perspective is required to take control of the situation and respond effectively to protect assets, operations and reputation. Timely incident response support helps companies to quickly contain the compromise and smoothly achieve recovery, leaving them in the strongest position possible, with minimal business disruption and their reputation intact.

Incident Response Plan Development

Today, you learn your company is experiencing a serious cyber incident. It could be a ransomware attack, a hacked O365 email account, the theft of PII or PHI, data exposure from misconfigured network settings. What is the first step you should take?

Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercises provide a customised test of every aspect of an organisation’s cyber response plan.

Optimised Third-Party Cyber Risk Management Programmes

Manage risk, not spreadsheets. Identify and address cyber threats in third-party relationships to ensure compliance with regulations such as NYDFS, FARS, GDPR, etc.

Third Party Cyber Audits and Reviews

Kroll’s cyber audits and reviews ensure third parties handle sensitive data according to regulatory guidelines and industry standards.

FAST Attack Simulation

Safely perform attacks on your production environment to test your security technology and processes.

Cyber Governance and Risk

Manage cyber risk and data security governance with Kroll’s defensible cybersecurity strategy framework.