CERT Active · 24×7 Incident Response

Report an Incident
In Seconds, Not Forms.

Skip the long forms. Pick a severity, tap a channel, and reach the right response team instantly. Calls to the National Cyber Crime Helpline 1930 and reports to cybercrime.gov.in are one tap away.

Live Response Console
LIVE · IST

Avg Response Time

First contact

< 60Mins

CERT Team Status

Team CyberHawkz

Online

IR Retainer Clients

Priority queue

11
Threat Level Elevated
Step 1 · Quick Severity Triage

How Bad Is It? Pick Your Level.

Each level shows the exact next steps — no typing, no dropdowns, no logins.

Critical

P1 · Active Breach

< 60s

You are under active attack. Data is being exfiltrated or systems are being encrypted. Act now — every second matters.

1Isolate affected systems from the network immediately. Do NOT power them off (preserves forensic evidence).
2Call the National Cyber Crime Helpline 1930 and CyberHawkz CERT in parallel.
3Preserve logs and memory dumps. Document the timeline of what you observed.
Call 1930 Now

High

P2 · Confirmed Intrusion

< 4 min

An attacker is inside your environment but may not have reached crown-jewel systems yet. Containment is the priority.

1Identify and isolate compromised accounts. Force password resets and revoke active sessions.
2Collect IAM logs, EDR alerts, and proxy logs for the last 30 days.
3Report to CERT-In within 6 hours per April 2022 directions. Email CyberHawkz CERT for retainer engagement.
Email CyberHawkz CERT

Medium

P3 · Suspicious Activity

< 30 min

A credible threat that needs investigation but is not yet confirmed as a breach. Triage before escalating.

1Capture all relevant indicators: sender addresses, URLs, file hashes, timestamps.
2Run a targeted scan on affected endpoints. Check email gateway and proxy logs.
3If confirmed malicious, escalate to High and report to CERT-In.
Email Analysts

Low

P4 · Report / Inquiry

< 24 hrs

A vulnerability report, a policy question, or an intelligence tip-off. No immediate threat, but worth logging.

1Document the finding with as much detail as possible: affected component, reproducibility, impact.
2Email CyberHawkz with your findings. We will acknowledge within 1 business day.
3For critical vulnerabilities in Indian government systems, also notify CERT-In via [email protected].
Email Report
Step 2 · What Happened?

Match Your Incident. See Next Steps.

Each card shows the 3-step action checklist for that incident type — no descriptions to write.

Phishing

Email / SMS / Call

Fake emails, smishing texts, vishing calls impersonating brands, banks, or government.

1Do NOT click links. Screenshot the message with sender ID visible.
2Report to cybercrime.gov.in under "Report Cyber Crime Against Women & Children" or "Other Cyber Crime".
3If you entered credentials or UPI PIN, call 1930 immediately to freeze fraudulent transactions.

Ransomware

Files encrypted

Files renamed with strange extensions, ransom note on desktop, systems locked.

1Isolate the machine from network immediately — pull the Ethernet cable, turn off Wi-Fi. Do NOT power off (preserves forensic evidence).
2Do NOT pay the ransom. Report on cybercrime.gov.in and call 1930.
3Photograph the ransom note. Preserve encrypted file samples for forensic analysis.

Data Breach

Exposed / stolen

Customer data leaked, database accessed without authorization, dark web listing found.

1Under DPDP Act 2023, notify CERT-In within 72 hours. Use the CERT-In vulnerability reporting form.
2Preserve access logs, IAM events, and CloudTrail/audit trails. Do NOT modify affected systems.
3If financial data is involved, file an FIR at the nearest cyber crime police station and report on cybercrime.gov.in.

Account Compromise

Hacked / takeover

Email, social media, banking, or cloud account accessed by someone else.

1Change password from a different trusted device. Enable 2FA. Revoke all active sessions and app tokens.
2If banking/UPI access was involved, call 1930 to report unauthorized transactions within the golden hour.
3Report on cybercrime.gov.in. Notify your organization's IT security team if a work account was hit.

Malware

Trojan / spyware

Strange processes, high CPU/network, antivirus alerts, unexpected pop-ups.

1Disconnect from network. Run a full antivirus scan in safe mode. Note any recently installed apps.
2From a clean device, change passwords for accounts that were logged in on the infected machine.
3Submit malware samples to CERT-In at cert-in.org.in. Report the incident on cybercrime.gov.in.

DDoS Attack

Service down

Website or API suddenly unresponsive, huge traffic spikes, upstream alerts.

1Enable your CDN/WAF rate-limiting and bot protection. Switch to "under attack" mode if available.
2Capture traffic samples and origin IP logs for attribution. Coordinate with your ISP for upstream filtering.
3If critical infrastructure, notify NCIIPC and CERT-In. Report on cybercrime.gov.in.
Step 3 · Quick Contact Channels

Reach The Right Team In One Tap.

Pick the fastest channel for your situation. All lines are monitored. No ticket numbers, no queues.

National Cyber Crime Helpline

Government of India · MHA

Priority

For any cyber crime affecting citizens — financial fraud, social media abuse, online harassment. The 1930 helpline can freeze fraudulent UPI/bank transactions within the golden hour.

Call 1930 Now

National Cyber Crime Portal

cybercrime.gov.in

Official

File a formal complaint with the National Cyber Crime Reporting portal under MHA. Tracks criminal investigation, generates complaint number, forwards to the right state cyber crime cell.

Open cybercrime.gov.in

CyberHawkz CERT Email

[email protected]

24×7

For enterprise IR retainers and B2B incidents. Send indicators, screenshots, and a one-line description. Our SOC auto-triages and responds within 60 seconds during business-critical hours.

Email CyberHawkz CERT

CyberHawkz SOC Hotline

+91 80 1234 5678

Retainer

Dedicated line for IR retainer clients and government partners. Speak directly to a SOC analyst — no IVR, no hold music. English / Hindi / Kannada / Tamil supported.

Call SOC Hotline
Step 4 · Evidence Quick-Share

Got Screenshots or IOCs? Send Them Fast.

No upload forms. No file size limits. Just paste, email, or message us — your evidence goes straight to the analysts.

Drag & Drop Your Evidence

Screenshots of phishing emails, ransom notes, malicious files, suspicious URLs, IOC lists, or log snippets. We accept anything — our analysts sort it out.

PNG / JPG PDF TXT / LOG CSV / JSON ZIP (password-protected)

This is a visual guide — use the quick-action buttons to send evidence.

Email as Attachment

Opens your mail client pre-addressed to [email protected]

WhatsApp Business

Send images and voice notes to our SOC WhatsApp line

Telegram SOC Channel

@cyberhawkz_soc — encrypted, supports large file transfers

Chain of Custody Matters

Per the Indian Evidence Act 1872, preserve original files with timestamps. Don't edit or "clean up" evidence — send it exactly as you found it. Our analysts maintain a defensible chain of custody for legal proceedings.

Response Timeline

From Your Tap To Full Remediation.

Every minute counts. Here's exactly what happens after you reach out.

Stage 01

Report

You tap a channel — call 1930, open cybercrime.gov.in, or email CyberHawkz CERT.

< 60s

Stage 02

Triage

SOC analyst verifies severity, scopes the blast radius, and assigns an IR lead.

< 4 min

Stage 03

Investigate

Forensic analysis, IOC extraction, attacker attribution, containment recommendations.

< 30 min

Stage 04

Remediate

Eradication, recovery, CERT-In compliance filing, and post-incident review.

< 24 hrs

Indian Cyber Crime Resources

Official Channels & Authorities

Bookmark these. Know who to reach and when.

Quick Answers

Frequently Asked Questions

Straight answers to the questions we get most during incidents.

Call 1930 immediately when there's an active financial fraud — unauthorized UPI, bank transfer, or card transaction. The helpline can freeze the money trail within the golden hour. Use cybercrime.gov.in for everything else: filing a formal complaint, social media abuse, online harassment, identity theft, or when you need a documented complaint number for legal follow-up.
Per CERT-In Directions dated April 28, 2022, all service providers, intermediaries, data centers, body corporates, and government organizations must report cyber security incidents to CERT-In within 6 hours of becoming aware of them. This is stricter than GDPR's 72-hour window. CyberHawkz handles this filing for IR retainer clients automatically.
No. The 1930 helpline and cybercrime.gov.in are free government services available to every Indian citizen and organization. CyberHawkz CERT email and SOC hotline are available to everyone for initial triage — retainer clients get priority SLAs, dedicated analysts, and full incident response engagement. You can upgrade to a retainer any time.
Screenshots of phishing emails (with full headers), ransom notes, suspicious URLs, error messages, and any attacker communication. Original files — do not rename, edit, or "clean" them. System logs, firewall logs, and access logs. Preserve metadata timestamps. Under the Indian Evidence Act 1872, a defensible chain of custody is required for any evidence used in legal proceedings. Send everything to [email protected] and we'll handle it.
Initial triage and advisory are free for everyone — we will never turn away a genuine incident. Full incident response engagements are billed based on scope and severity.
Don't Wait · Every Second Counts

Reach The Right Team Right Now.

If you're under active attack, call 1930 first. Then file a formal complaint on cybercrime.gov.in. For enterprise incident response, reach our CERT at [email protected].