{"id":60198,"date":"2026-01-05T13:08:23","date_gmt":"2026-01-05T05:08:23","guid":{"rendered":"https:\/\/www.crazydomains.com\/learn\/?p=60198"},"modified":"2026-02-03T18:10:03","modified_gmt":"2026-02-03T10:10:03","slug":"hack-recovery","status":"publish","type":"post","link":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/","title":{"rendered":"Incident Response Runbooks: What to Do in the First 24 Hours After a Hack"},"content":{"rendered":"<table>\n<tbody>\n<tr>\n<td>\n<p data-start=\"919\" data-end=\"1170\">Early missteps during a breach can amplify damage, legal exposure and downtime. Clear triage, disciplined containment, forensic readiness and controlled restoration help teams act decisively while preserving evidence and maintaining stakeholder trust.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The clock starts the moment a breach alert fires. Systems can be disabled, confidential data siphoned, and customer confidence dented long before a full investigation even begins. Those opening hours decide whether you stay ahead of the attacker or chase chaos.<\/p>\n<p>This rapid runbook gives teams a clear, time-boxed path for hack recovery: triage, containment, malware cleanup steps, communications and evidence preservation. By following a structured sequence, you maintain business focus, meet legal and insurer expectations and keep decision-makers calm.<\/p>\n<h2>Immediate Triage: First 30\u201360 Minutes<\/h2>\n<p>Fast scoping tells you how big the problem is, who needs to be involved and which systems to lock down first.<\/p>\n<h3>Quick Incident Identification<\/h3>\n<p>Record how the incident surfaced: SIEM alert, user ticket or third-party notification. Note the exact time, initial symptoms and all affected assets. Classify severity based on business impact, then trigger the escalation playbook.<\/p>\n<h3>Rapid Scope Mapping<\/h3>\n<p>List compromised user accounts, IP addresses, hosts and key services such as email, payroll or payment processing. Rank them by potential revenue, regulatory or customer consequences.<\/p>\n<h3>Immediate Roles and Escalation<\/h3>\n<p>Activate the incident lead plus IT, security, legal and communications owners. If you retain an external forensics partner, page them now. Brief executives with a two-sentence status and set the next update checkpoint. Clear, early communication underpins every successful hack recovery.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong><span style=\"color: #008080;\">Also Read<\/span>:\u00a0<\/strong><a href=\"https:\/\/www.crazydomains.com.au\/learn\/website-hack\/\" target=\"_blank\" rel=\"noopener\">What Happens When Your Website Gets Hacked \u2013 And How to Recover Quickly<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Contain and Isolate: Actions to Stop Ongoing Damage<\/h2>\n<p>Once the scope is sketched, stop the bleeding while keeping evidence intact.<\/p>\n<h3>Short-Term Containment<\/h3>\n<p>Isolate infected hosts on a quarantine VLAN rather than powering them off. Suspend or reset compromised accounts, revoke active tokens and rotate privileged credentials. For ransomware, disconnect backup repositories to prevent secondary encryption.<\/p>\n<h3>Network Controls<\/h3>\n<p>Block malicious IPs and command-and-control domains at firewalls and intrusion systems. Apply temporary rate-limits or geo-blocks to exposed services until they are verified safe.<\/p>\n<h3>Operational Cautions<\/h3>\n<p>Avoid mass reboots or hurried re-images before capturing volatile data; overwriting evidence can hinder later insurer or regulator reviews.<\/p>\n<h2>Preserve Evidence, Legal &amp; Insurance Notification<\/h2>\n<p>A calm, forensic-ready mindset protects you from legal, regulatory and financial surprises.<\/p>\n<h3>Evidence Preservation Steps<\/h3>\n<p>Capture full-disk images, memory dumps, and log exports before making changes. Keep a chain-of-custody log detailing who collected each artefact and when. Store copies in write-once locations to prevent tampering.<\/p>\n<h3>Legal, Privacy &amp; Insurance Considerations<\/h3>\n<p>Contact legal counsel to assess breach-notification obligations and deadlines. Alert your cyber insurer early; many policies require notice within 24 hours and specify evidence formats. Record every decision and approval for audit.<\/p>\n<h2>Eradicate Malware: Practical Malware Cleanup Steps<\/h2>\n<p>With systems contained and evidence secured, remove the attacker\u2019s foothold.<\/p>\n<h3>Malware Cleanup Steps<\/h3>\n<ol>\n<li>Correlate Indicators of Compromise (hashes, IPs, file paths) against all hosts to locate infections.<\/li>\n<li>Follow vendor-specific removal instructions for known malware. If malware is unfamiliar or shows persistence techniques, escalate to specialist forensics.<\/li>\n<li>When system integrity is doubtful, rebuild from known-good images instead of in-place cleaning.<\/li>\n<li>Validate cleanliness with at least two tools (endpoint scanner and network telemetry) before reconnecting hosts.<\/li>\n<\/ol>\n<h3>Validation &amp; Hardening Post-Eradication<\/h3>\n<p>Patch exploited services, enforce MFA, rotate all credentials and delete dormant admin accounts. Increase log retention, deploy honeypots where feasible and tune alerts to catch the same attack pattern in minutes, not hours.<\/p>\n<h2>Restore Services Safely<\/h2>\n<p>Business must resume, but only on trusted foundations.<\/p>\n<h3>Prioritised Restore Sequence<\/h3>\n<p>Recover systems in business-value order: identity stores, customer-facing portals, internal collaboration tools. Verify backups offline, then stage restores into a clean environment. Where compromise is suspected within an image, rebuild instead (See \/blog\/backup-best-practices).<\/p>\n<h3>Post-Restore Validation<\/h3>\n<p>Reissue credentials, test user journeys and transaction flows, then monitor aggressively for anomalies for at least a fortnight. Document sign-off from each system owner before declaring full production status.<\/p>\n<h2>Communication Plan: Who to Tell, When and How<\/h2>\n<p>Clear, timely messaging limits speculation and regulatory risk.<\/p>\n<h3>Internal Communications<\/h3>\n<p>Give executives a concise impact summary, current containment status and next check-in time. Provide staff with do-and-don\u2019t guidance: which systems are offline, password-reset rules and approved sharing channels.<\/p>\n<h3>External Notifications<\/h3>\n<p>Inform customers with factual, calm statements: what happened, what you\u2019re doing and the expected next steps. Coordinate wording with legal for any regulator reports, ensuring deadlines are met. Alert critical partners or payment gateways so they can reinforce their own defences.<\/p>\n<h3>Media\/PR Considerations<\/h3>\n<p>Prepare a short holding statement and name a single spokesperson. Commit to scheduled updates rather than ad-hoc comments, and never speculate on root cause until investigations confirm.<\/p>\n<h3>Communication Templates &amp; Channels<\/h3>\n<p>Keep pre-written email, portal banner and social-media templates stored with the plan for one-click deployment. Maintain an off-network copy so you\u2019re not stranded if mail servers are affected. A rehearsed communication plan saves precious time.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong><span style=\"color: #008080;\">Also Read<\/span>:\u00a0<\/strong><a href=\"https:\/\/www.crazydomains.com.au\/learn\/how-to-protect-domain-id\/\" target=\"_blank\" rel=\"noopener\">How to Protect Domain ID from Hackers and Spammers<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Post-Incident Review and Next Controls<\/h2>\n<p>Turn hard-won lessons into stronger defences.<\/p>\n<h3>Rapid After-Action (within 7 days)<\/h3>\n<p>Reconstruct a full timeline, evidence summary and decision log. Identify the root cause, not just symptoms, and map each finding to a control gap.<\/p>\n<h3>Remediation Roadmap<\/h3>\n<p>Rank fixes by risk and effort\u2013patch high-priority systems, improve network segmentation and tighten identity management. Assign owners, deadlines and budget.<\/p>\n<h3>Reporting &amp; Compliance<\/h3>\n<p>Produce a concise incident report for leadership, insurers and, if needed, regulators, highlighting exactly what you achieved in the first 24 hours.<\/p>\n<table>\n<tbody>\n<tr>\n<td><em><strong>Pro Tip:<\/strong>\u00a0Maintain a sealed \u201cincident locker\u201d with signed legal checklists, pre-authorised password-reset scripts and ready-to-send customer templates. Grabbing that folder cuts decision time to seconds when stress is highest.<\/em><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>When Every Minute Counts, Structure Wins<\/h2>\n<p>Rapid triage, decisive containment, evidence preservation, structured malware cleanup steps, safe restoration and a disciplined communication plan form a proven 24-hour rhythm for hack recovery. Follow this runbook to slash downtime, protect customer data and preserve insurer or regulator confidence.<\/p>\n<p data-start=\"1550\" data-end=\"1786\">At Crazy Domains, we help reduce recovery risk by keeping your domains, hosting, backups and DNS under one secure, well-monitored roof. When incidents strike, our infrastructure and support let you isolate, restore and communicate faster with confidence.<\/p>\n<p data-start=\"1550\" data-end=\"1786\">Cut recovery time before the next alert hits. Move your domains and hosting to Crazy Domains today!\u00a0<a href=\"https:\/\/www.crazydomains.com.au\/members\/login\/register\/\" target=\"_blank\" rel=\"noopener\">Sign up now<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Early missteps during a breach can amplify damage, legal exposure and downtime. Clear triage, disciplined containment, forensic readiness and controlled restoration help teams act decisively while preserving evidence and maintaining stakeholder trust. The clock starts the moment a breach alert fires. Systems can be disabled, confidential data siphoned, and customer confidence dented long before a [&hellip;]<\/p>\n","protected":false},"author":1537,"featured_media":60199,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1979],"tags":[],"coauthors":[8037],"class_list":["post-60198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Incident Response Runbook: What to Do After a Cyber Attack<\/title>\n<meta name=\"description\" content=\"Learn how to respond to a cyber attack in the first 24 hours with structured triage, malware cleanup, legal coordination and recovery steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Incident Response Runbook: What to Do After a Cyber Attack\" \/>\n<meta property=\"og:description\" content=\"Learn how to respond to a cyber attack in the first 24 hours with structured triage, malware cleanup, legal coordination and recovery steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/\" \/>\n<meta property=\"og:site_name\" content=\"Crazy Domains Learn\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-05T05:08:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-03T10:10:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.crazydomains.com\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png\" \/>\n\t<meta property=\"og:image:width\" content=\"636\" \/>\n\t<meta property=\"og:image:height\" content=\"392\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Rachel Furtado\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rachel Furtado\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/\"},\"author\":{\"name\":\"Rachel Furtado\",\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#\/schema\/person\/09a7c17d57ecaf3d1968a6a9a4259033\"},\"headline\":\"Incident Response Runbooks: What to Do in the First 24 Hours After a Hack\",\"datePublished\":\"2026-01-05T05:08:23+00:00\",\"dateModified\":\"2026-02-03T10:10:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/\"},\"wordCount\":1051,\"publisher\":{\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png\",\"articleSection\":[\"Business\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/\",\"url\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/\",\"name\":\"Incident Response Runbook: What to Do After a Cyber Attack\",\"isPartOf\":{\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png\",\"datePublished\":\"2026-01-05T05:08:23+00:00\",\"dateModified\":\"2026-02-03T10:10:03+00:00\",\"description\":\"Learn how to respond to a cyber attack in the first 24 hours with structured triage, malware cleanup, legal coordination and recovery steps.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage\",\"url\":\"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png\",\"contentUrl\":\"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png\",\"width\":636,\"height\":392,\"caption\":\"Incident Response Runbooks: What to Do in the First 24 Hours After a Hack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.crazydomains.com.au\/learn\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Incident Response Runbooks: What to Do in the First 24 Hours After a Hack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#website\",\"url\":\"https:\/\/www.crazydomains.com\/learn\/\",\"name\":\"Crazy Domains Learn\",\"description\":\"Resources to help you excel online\",\"publisher\":{\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.crazydomains.com\/learn\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#organization\",\"name\":\"Crazy Domains Learn\",\"url\":\"https:\/\/www.crazydomains.com\/learn\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2021\/02\/learn-dash-blue-logo-2.svg\",\"contentUrl\":\"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2021\/02\/learn-dash-blue-logo-2.svg\",\"width\":147,\"height\":43,\"caption\":\"Crazy Domains Learn\"},\"image\":{\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#\/schema\/person\/09a7c17d57ecaf3d1968a6a9a4259033\",\"name\":\"Rachel Furtado\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.crazydomains.com\/learn\/#\/schema\/person\/image\/8c465acc0b5d0df36710d5350f50f730\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/69ea6a4f4c200dff1147bf30040c5330?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/69ea6a4f4c200dff1147bf30040c5330?s=96&d=mm&r=g\",\"caption\":\"Rachel Furtado\"},\"description\":\"Web hosting specialist with a knack for creativity and a passion for baking, serving up tech solutions with a side of sweetness.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/rachel-furtado-marketing-specialist\/\"],\"url\":\"https:\/\/www.crazydomains.com\/learn\/author\/rachel-f\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Incident Response Runbook: What to Do After a Cyber Attack","description":"Learn how to respond to a cyber attack in the first 24 hours with structured triage, malware cleanup, legal coordination and recovery steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/","og_locale":"en_US","og_type":"article","og_title":"Incident Response Runbook: What to Do After a Cyber Attack","og_description":"Learn how to respond to a cyber attack in the first 24 hours with structured triage, malware cleanup, legal coordination and recovery steps.","og_url":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/","og_site_name":"Crazy Domains Learn","article_published_time":"2026-01-05T05:08:23+00:00","article_modified_time":"2026-02-03T10:10:03+00:00","og_image":[{"width":636,"height":392,"url":"https:\/\/www.crazydomains.com\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png","type":"image\/png"}],"author":"Rachel Furtado","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rachel Furtado","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#article","isPartOf":{"@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/"},"author":{"name":"Rachel Furtado","@id":"https:\/\/www.crazydomains.com\/learn\/#\/schema\/person\/09a7c17d57ecaf3d1968a6a9a4259033"},"headline":"Incident Response Runbooks: What to Do in the First 24 Hours After a Hack","datePublished":"2026-01-05T05:08:23+00:00","dateModified":"2026-02-03T10:10:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/"},"wordCount":1051,"publisher":{"@id":"https:\/\/www.crazydomains.com\/learn\/#organization"},"image":{"@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage"},"thumbnailUrl":"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png","articleSection":["Business"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/","url":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/","name":"Incident Response Runbook: What to Do After a Cyber Attack","isPartOf":{"@id":"https:\/\/www.crazydomains.com\/learn\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage"},"image":{"@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage"},"thumbnailUrl":"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png","datePublished":"2026-01-05T05:08:23+00:00","dateModified":"2026-02-03T10:10:03+00:00","description":"Learn how to respond to a cyber attack in the first 24 hours with structured triage, malware cleanup, legal coordination and recovery steps.","breadcrumb":{"@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#primaryimage","url":"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png","contentUrl":"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2026\/02\/Screenshot-2026-02-03-at-1.35.03-PM.png","width":636,"height":392,"caption":"Incident Response Runbooks: What to Do in the First 24 Hours After a Hack"},{"@type":"BreadcrumbList","@id":"https:\/\/www.crazydomains.com.au\/learn\/hack-recovery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.crazydomains.com.au\/learn\/"},{"@type":"ListItem","position":2,"name":"Incident Response Runbooks: What to Do in the First 24 Hours After a Hack"}]},{"@type":"WebSite","@id":"https:\/\/www.crazydomains.com\/learn\/#website","url":"https:\/\/www.crazydomains.com\/learn\/","name":"Crazy Domains Learn","description":"Resources to help you excel online","publisher":{"@id":"https:\/\/www.crazydomains.com\/learn\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.crazydomains.com\/learn\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.crazydomains.com\/learn\/#organization","name":"Crazy Domains Learn","url":"https:\/\/www.crazydomains.com\/learn\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.crazydomains.com\/learn\/#\/schema\/logo\/image\/","url":"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2021\/02\/learn-dash-blue-logo-2.svg","contentUrl":"https:\/\/www.crazydomains.com.au\/learn\/wp-content\/uploads\/2021\/02\/learn-dash-blue-logo-2.svg","width":147,"height":43,"caption":"Crazy Domains Learn"},"image":{"@id":"https:\/\/www.crazydomains.com\/learn\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.crazydomains.com\/learn\/#\/schema\/person\/09a7c17d57ecaf3d1968a6a9a4259033","name":"Rachel Furtado","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.crazydomains.com\/learn\/#\/schema\/person\/image\/8c465acc0b5d0df36710d5350f50f730","url":"https:\/\/secure.gravatar.com\/avatar\/69ea6a4f4c200dff1147bf30040c5330?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/69ea6a4f4c200dff1147bf30040c5330?s=96&d=mm&r=g","caption":"Rachel Furtado"},"description":"Web hosting specialist with a knack for creativity and a passion for baking, serving up tech solutions with a side of sweetness.","sameAs":["https:\/\/www.linkedin.com\/in\/rachel-furtado-marketing-specialist\/"],"url":"https:\/\/www.crazydomains.com\/learn\/author\/rachel-f\/"}]}},"lang":"au","translations":{"au":60198},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/posts\/60198"}],"collection":[{"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/users\/1537"}],"replies":[{"embeddable":true,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/comments?post=60198"}],"version-history":[{"count":1,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/posts\/60198\/revisions"}],"predecessor-version":[{"id":60200,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/posts\/60198\/revisions\/60200"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/media\/60199"}],"wp:attachment":[{"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/media?parent=60198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/categories?post=60198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/tags?post=60198"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.crazydomains.com.au\/learn\/wp-json\/wp\/v2\/coauthors?post=60198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}