Emergency IT Support
in Raleigh, NC
Same-Day Response
Your systems went down. Your email is out. You suspect ransomware. Whatever the crisis, Petronella Technology Group picks up the phone and gets to work. No escalation maze. No ticket queue.
What to Tell Us in the First 60 Seconds
When you call, our engineer picks up. The faster you can communicate these five points, the faster we can triage and act.
- 1 Describe the symptom. "Our server won't boot." "Users can't log into email." "We're seeing ransom messages on screens." Specifics beat vague. The exact error message or screen text matters.
- 2 Tell us the scope. One machine, one office, everyone, or an entire cloud tenant? Scope shapes whether we go remote-first or deploy on-site immediately.
- 3 When did it start? "Twenty minutes ago" vs. "I came in this morning and it was already like this" vs. "we noticed it Friday but thought it would sort itself out" -- timeline narrows the root cause category fast.
- 4 Any recent changes? Windows update overnight. New software installed. A vendor had remote access last week. A cable got moved. Anything changed is a candidate cause until ruled out.
- 5 Are your backups reachable? We may need to restore. Knowing whether backups exist and where they live -- cloud, NAS, tape, nowhere -- shapes the recovery plan in real time.
We Respond Fast, On Purpose
Downtime costs real money every minute. We structure our emergency response so there are no wasted handoffs between when you call and when remediation begins.
Retained MSP clients receive priority queue automatically. Non-clients welcome for one-time emergency callouts.
If It's Breaking Your Business, We Handle It
These are the scenarios we field most often. If yours isn't on the list, call anyway. Our engineers troubleshoot broadly across infrastructure, cloud, security, and end-user systems.
Ransomware Suspected or Confirmed
Encrypted files, ransom notes on screens, unusual network activity overnight. Stop what you're doing and call us before anything else -- do not pay.
Server Down
Physical server won't boot, hypervisor not responding, VM cluster in a failed state. We triage hardware vs. software vs. storage failures and get services back online.
Email Outage
Microsoft 365 or on-premise Exchange down, mail flow blocked, entire tenant unreachable. We work directly in the admin portals to restore service.
Security Incident / Active Breach
Unauthorized access detected, suspicious logins from foreign IPs, unusual admin activity. We contain the threat, preserve evidence, and begin forensic analysis.
Accidental Deletion / Data Loss
Critical files or database records deleted -- by mistake or by malware. We check backup chains, shadow copies, and recycle bin states before escalating to recovery tools.
Network Outage
Entire office or site loses internet or internal connectivity. We identify whether the failure is ISP, firewall, switch, or routing and coordinate with carriers when needed.
Critical Patch Failed
A Windows or firmware update bricked a machine, caused a boot loop, or knocked out a critical application. We roll back, recover, and isolate before re-testing.
Domain Controller Failure
Active Directory down means nobody can log in. We recover DC from backup or rebuild from the ground up depending on the situation, with minimum disruption to end users.
Microsoft 365 Tenant Lockout
Admin account locked, MFA device lost, tenant suspended, or conditional access policies misconfigured locking out everyone. We escalate through Microsoft support channels alongside our own admin recovery procedures.
Cloud Outage Affecting Your Workload
AWS, Azure, or GCP incidents affecting your hosted systems, databases, or SaaS platforms. We assess what's a provider outage vs. what's your configuration, and activate failover where possible.
Lost or Stolen Device
Laptop stolen, phone lost with corporate data. We activate remote wipe, revoke credentials, audit access logs, and begin the breach assessment process immediately.
Phishing Response
An employee clicked a link, entered credentials, or opened an attachment. We assess the blast radius, rotate compromised credentials, check for mail forwarding rules and OAuth grants, and close the exposure window.
What Happens When You Call
We run a structured incident response process so nothing falls through the cracks and you always know where things stand.
Intake and Triage
A Petronella Technology Group engineer answers. We collect the five intake points, classify the incident type, and decide within minutes whether remote access resolves it or on-site dispatch is required.
Remote Remediation
For the majority of incidents, we start a secure remote session immediately. We can be inside your environment working the problem while you're still on the phone explaining what happened.
Escalation and On-Site Dispatch
Physical hardware failures, complex network issues, and security incidents requiring evidence collection need boots on the ground. For Raleigh and the Research Triangle, we dispatch within 60-90 minutes during business hours.
Resolution and Verification
We confirm the system is back to a known-good state before we close the incident. That means testing, not just "it looks okay." We verify services, user access, and data integrity before we leave or end the session.
Post-Incident Report
Within 48 hours we deliver a written summary: root cause, timeline, what was done, and recommended steps to prevent recurrence. This document supports your insurance claim, compliance audit, or internal debrief.
SMBs Across North Carolina, Any Industry
Retained MSP Clients
If Petronella Technology Group is already your managed IT provider, emergency response is part of the relationship. You go to the front of the queue. Your systems are already documented, your backups are already monitored, and our engineers already know your environment. That context matters in a crisis.
- Priority queue -- no wait behind new callouts
- Documented environment means faster triage
- No hourly emergency premium
- Backup and DR status already known
Non-Client Emergency Callouts
We accept one-time emergency callouts from organizations that are not currently on a managed service agreement. You don't have to be a retainer client to get help when something critical breaks. We bill hourly for these engagements with a first-hour minimum.
- 5-250 user SMBs in NC -- any industry
- No existing contract required
- Hourly billing, transparent scope
- Post-incident we can discuss ongoing coverage
Do Not Pay the Ransom. Call Us First.
Ransomware payment does not guarantee decryption. It funds the attacker's next campaign. In many cases we can recover data without paying -- but only if the right steps are taken immediately after discovery.
Stop -- Do These First
The next five minutes matter more than the next five hours. Wrong actions destroy evidence and eliminate recovery options.
- Isolate affected machines -- pull the network cable or disable Wi-Fi on infected systems
- Do NOT shut the machine off -- live memory may contain decryption keys or attacker artifacts
- Do NOT delete or rename encrypted files -- this destroys evidence and recovery paths
- Photograph or screenshot the ransom note -- we need the attacker ID and contact info for threat intelligence
- Call us at (919) 348-4912 -- do not contact the attacker
Our Ransomware Containment Playbook
Petronella Technology Group follows a documented incident response procedure built around established frameworks. Here is what we do when we engage on a ransomware event:
- Containment -- segment the network, revoke compromised credentials, halt lateral movement
- Identify the ransomware variant and map the attack vector -- most variants have known characteristics
- Assess backup integrity -- are offsite or immutable backups intact and unencrypted?
- Coordinate with your cyber insurance carrier -- we speak their language and can document what they need
- Restore from clean backups where available -- validated, not assumed clean
- Harden the environment before reconnecting -- close the entry point that let the attacker in
Breach Notification Windows Are Not Flexible
HIPAA requires breach notification within 60 days. CMMC incidents must be reported to the DoD within 72 hours. North Carolina state law has its own breach notification requirements. Missing these windows creates legal exposure on top of the breach itself.
Evidence Preservation
How you handle the first hours after discovering a breach determines what evidence is available for forensic analysis, insurance claims, and law enforcement. Wrong moves destroy the chain of custody.
- Preserve system logs before they rotate -- firewall, auth, endpoint
- Do not reimage or reformat affected systems until forensic imaging is complete
- Document who accessed what, when -- internal timeline matters for the notification letter
- Identify what data categories were potentially exposed -- PII, PHI, CUI, financial records
Legal and Law Enforcement Coordination
We help organizations navigate the post-breach obligation landscape without requiring them to become legal experts overnight.
- Produce a forensic report your attorney can use to draft the notification letter
- Assist with FBI IC3 and local law enforcement reporting where applicable
- Coordinate technical findings with your cyber insurance claim adjuster
- Support HHS breach reporting for HIPAA-covered entities -- see our healthcare cybersecurity services
- DoD incident reporting for defense contractors under CMMC -- see our CMMC compliance guidance
Transparent Billing, No Surprises
We do not give you a quote while your systems are on fire. Here is how emergency pricing works so you understand it before you need us.
Emergency Callout Rate
We bill emergency callouts hourly with a first-hour minimum. You know the rate before we start. Time is tracked transparently, and you receive an itemized invoice with the post-incident report.
Retained MSP Clients
Organizations on a managed services agreement get priority queue with no hourly emergency premium. Emergency response is part of the managed service relationship, not an add-on line item.
On-Site vs. Remote
Remote work is billed at the standard rate from the moment the session opens. On-site dispatch includes portal-to-portal time for Raleigh and Research Triangle locations. We discuss scope before dispatching.
After-Hours and Weekends
True 24/7 emergencies -- ransomware active, systems down with revenue impact -- are triaged regardless of time. We are direct about what qualifies as an emergency vs. what can wait for business hours.
Questions about pricing or scope? Call us at (919) 348-4912 and we will give you a straight answer.
Most Emergencies Are Preventable
Ransomware, server failures, accidental deletions, breach exposures -- the common thread is deferred maintenance, unmonitored systems, or absent backups. The organizations that never call us in a panic are the ones on a proper managed program.
Managed IT Services
Proactive monitoring, patch management, and helpdesk support that catches problems before they become emergencies. The foundation of a resilient IT environment.
Endpoint Detection and Response
EDR catches attacker behavior -- lateral movement, credential theft, ransomware execution -- before the damage is done. Required by most cyber insurance policies.
Backup and Disaster Recovery
Immutable, tested backups are the only reliable defense against ransomware. We design, implement, and test backup solutions so that restoration is predictable when you need it.
Virtual CISO
Strategic security leadership without a full-time hire. A vCISO from Petronella Technology Group builds the policy framework and vendor relationships that keep emergencies from becoming crises.
Questions We Hear When Systems Are Down
Can you help us even if we're not a current client?
Yes. We accept one-time emergency callouts from organizations that do not have an existing managed services agreement with Petronella Technology Group. You call, we answer, we scope, we work. Billing is hourly with a first-hour minimum. We will discuss whether ongoing managed coverage makes sense after the emergency is resolved -- not during it.
What information do you need from me before you can start?
The five intake items described above cover most of what we need for triage. For remote access we need either a Windows Quick Assist code, TeamViewer session ID, or VPN credentials if you have them. For Microsoft 365 issues, global admin credentials. We will guide you through it -- you do not need to know the technical setup in advance.
Can you give us a quote for on-site dispatch before you arrive?
We can give you the hourly rate and an estimated scope range before we dispatch. For complex incidents we cannot give you a fixed quote because we genuinely do not know what we will find until we are in the environment. We are direct about scope as it evolves, not after the fact.
We think we've been breached. What happens next?
Call us immediately at (919) 348-4912. We will triage whether this is confirmed or suspected, begin containment, and assess what data categories may have been exposed. Simultaneously we will advise on your notification obligations -- HIPAA, CMMC, NC state law -- so you are not caught off guard by a regulatory clock you did not know was running.
Do you help with cyber insurance claims?
Yes. We produce documentation -- incident timeline, forensic findings, remediation steps -- in a format that cyber insurance adjusters expect. We have worked alongside adjusters on claim submissions and understand what they need to process a claim efficiently. If you are filing a claim, having a technical partner who speaks that language matters.
What is your coverage area in North Carolina?
Our primary on-site coverage area is Raleigh, Durham, Chapel Hill, Cary, Apex, Morrisville, and the Research Triangle Park corridor. For remote work we can support any location with internet connectivity. For locations outside the Triangle, we assess each situation individually and will be honest about whether a longer drive-time response is appropriate for your emergency type.
Do your engineers speak languages other than English?
Our primary service language is English. If you have specific language requirements, let us know when you call and we will accommodate where possible or connect you with appropriate resources.
What billing options do you offer for emergency work?
We accept credit card, ACH, and check for emergency callout work. For existing clients, emergency work goes against your standard invoice cycle. For one-time callouts, we typically collect a card on file before remote sessions start for new clients.
Can you help with Microsoft 365 specifically? We're locked out of our tenant.
Yes. Tenant lockouts from lost MFA devices, suspended accounts, or misconfigured conditional access policies are a category we handle regularly. We work through Microsoft admin recovery procedures and can escalate through Microsoft's business support channels if the standard paths are blocked. Have your tenant domain name and any available admin account information ready when you call.
How quickly can you have us back to normal operations?
That depends entirely on what "normal" means and what failed. A single misconfigured firewall rule can be resolved in under an hour. A full ransomware recovery with clean restore from backup typically takes one to three business days for most SMBs. A full infrastructure rebuild from a complex attack can take longer. We give you an honest timeline after triage -- not before, because every incident is different.
Every Minute of Downtime Costs Money. Call Now.
Petronella Technology Group engineers pick up the phone. No voicemail maze. No service desk bot. A real person who knows how to fix what you're describing.