Site or server down because of a compromise? Search results showing "this site may harm your computer"? Ransomware on a server? This is the work we've done thousands of times at Sucuri and OSSEC. Expect a triage call within hours, not days.
Triage & containment
First call: what's on fire and what's the blast radius. We'll usually isolate the affected system, preserve forensic evidence, and stabilize the business — taking the site safely offline if needed, or putting it behind an emergency WAF rule set.
Malware & backdoor removal
Full cleanup of webshells, backdoors, injected code, cron persistence, hidden admin accounts, modified core files, malicious database content. We don't do superficial cleanups — we look for re-infection vectors.
Blacklist removal
Removal from Google Safe Browsing, McAfee SiteAdvisor, Norton, Sucuri, and similar lists. Coordinated with the cleanup so re-listing doesn't happen.
Root-cause & report
Every engagement ends with a written incident report: timeline, indicators of compromise, root cause, and recommendations. The kind of document your cyber-insurance carrier, board, or regulator will actually accept.