Incident Response

Think your business has been compromised?

If you suspect ransomware, account takeover, phishing-related compromise, business email compromise, or unusual network activity, act quickly. OpenTech Support can help you contain the issue, secure access, and move toward recovery.

Existing clients can track updates and communicate through the portal.

Important

Do not include passwords, MFA codes, recovery codes, or highly sensitive secrets in tickets or forms. If an account may be compromised, reset credentials from a clean device.

Common incident types

Get help for the situations we see most often

Choose the path that best matches what you’re seeing. If you’re unsure, open an incident ticket first and we’ll help you triage safely.

Ransomware or suspicious encryption

Files are suddenly renamed, inaccessible, encrypted, or a ransom note appears on one or more systems.

Account takeover or MFA fatigue

Unexpected sign-in alerts, repeated MFA prompts, password resets, unfamiliar devices, or locked accounts.

Business email compromise

Suspicious invoice changes, payment redirects, mailbox rules, unexpected forwarding, or impersonation attempts.

Escalate immediately if

Operations are down

Users cannot work, systems are unavailable, or shared files and business applications are inaccessible.

The issue is spreading

Multiple devices or accounts are being impacted, or suspicious activity is moving across the environment.

Sensitive data may be exposed

You suspect mailbox compromise, unauthorized access, exfiltration, or exposure of customer or business data.

Immediate actions

Do these first

1) Contain

Disconnect affected devices from Wi-Fi or Ethernet. If the incident appears to be spreading, isolate impacted systems or segments.

2) Preserve

Do not wipe or reimage systems yet. Preserve logs, screenshots, suspicious emails, alerts, filenames, and timestamps.

3) Reset access carefully

If credentials may be exposed, change passwords from a clean device and revoke active sessions where supported.

If you are not sure whether a device should stay powered on or be disconnected, create an incident ticket first and we’ll help guide safe containment.

Our response workflow

Triage

We identify what happened, when it started, and which users, systems, or accounts are affected.

Containment

We help stop spread, secure access, isolate risk, and reduce further impact.

Investigation

We review evidence, affected systems, user actions, and suspicious artifacts to determine scope.

Recovery

We help restore operations, strengthen controls, and reduce the chance of recurrence.

What to include in your ticket
  • What happened and when it started
  • Impacted users, mailboxes, or devices
  • Error messages, ransom notes, screenshots, or alerts
  • Recent changes, downloads, links clicked, or vendor or payment requests
  • Whether systems or accounts were already isolated

Verification and scams

If someone pressured you to install software, share a code, approve MFA prompts, or move money, stop and verify first.

Trust and verification

OpenTech Support will never ask for your password by email, chat, or ticket. If you receive a message claiming to be OpenTech, verify it through the official portal or our website before taking action.