If you realize that your e-mail or computer is compromised, what should you do? STOP doing anything!
Your company may have specific guidelines; if so, contact the point person within your organization. If not, some simple guidelines are:
- Turn off the computer
- Contact your IT department, help desk, managed service provider or whomever is responsible within your company.
- When you or your help desk turn it back on, make certain it is not attached to any network. Unplug the network cable, put it in airplane mode, and keep it disconnected from anything it could infect.
The next steps depend upon what you are infected by. There are too many types of malware to describe all circumstances. Some malware redirects your browser to a spoofed web page or captures keystrokes to try to steal personal information. Ransomware encrypts your files to require you to pay for the decryption key, which is much more complicated and difficult to deal with.
Remember, the first rule is to do nothing if you are not very knowledgeable. However, if the infection is not ransomware, you can back up your data and run some anti-malware software to remove the virus. Sometimes your software can’t remove the malware and you will need to reformat and rebuild your computer. If that is the case, you will need to re-install your software and restore the data from a backup. It may be possible to take a backup before you rebuild the computer, depending upon the nature of the intrusion.
For ransomware the actions will vary based upon who you were attacked by, your backup and disaster recovery (DR) preparedness, and how much damage was caused.
- Who attacked you?
- Is this a commonly known ransomware that was launched by a hacker who was looking for uneducated targets to quickly pay a small fee for the decryption tool or nothing?
- Is this a professional hacker who developed a new strain of ransomware to attack a company?
Your anti-virus provider may have a fix for simple ransomware. A professional hack will not be decrypted by these commercial tools. We cannot say often enough that an expert in cyber security will be able to discern this very quickly and direct you to the proper answer.
- What is your backup and DR plan?
- If you back up data regularly, and know you can restore it properly, you will have the option of rebuilding your computer and restoring the data.
- If you have an image of the computer or server from before you were infected, you will have the option of restoring that image.
An important caveat is knowing when you were infected. If you restore from a backup or an image taken after you were infected, you can re-infect your computer and network, creating even more havoc for yourself and co-workers.
- How far did it spread and how much data was impacted?
- If the ransomware was isolated, contained and did not spread across your network, it is easier to rebuild a computer or server.
- If the ransomware spread, it can cripple a company’s ability to operate. In these cases, cyber security experts will often recommend that you pay the ransom. In most cases you will receive a decryption key. Professional hackers are more likely to provide the key and instructions for decrypting the files.
Do not just start decrypting data without trained professionals. Typically, there are tools which take the encrypted data, run a decryption routine which restores a new copy of the file to the original format, and then delete the encrypted files. This sounds simple, but the decryption may not reach all files for a variety of reasons.
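Because the decryption may not reach every file, it helps to inventory the results before any encrypted file is deleted. The following is an added example, not a tool from this article or from any vendor: it assumes the encrypted files carry a constructed `.locked` suffix and that the restored copy sits beside each one under the original name.

```python
import filecmp
import os
import tempfile

ENC_SUFFIX = ".locked"  # assumption: constructed suffix; use the one seen in your incident

def audit_decryption(root, enc_suffix=ENC_SUFFIX):
    """Classify each encrypted file under root by the state of its restored copy."""
    report = {"recovered": [], "missing": [], "empty": [], "unchanged": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(enc_suffix):
                continue
            enc = os.path.join(dirpath, name)
            plain = enc[: -len(enc_suffix)]      # expected restored copy
            if not os.path.isfile(plain):
                state = "missing"                # the tool never reached this file
            elif os.path.getsize(plain) == 0:
                state = "empty"                  # restore started but wrote nothing
            elif filecmp.cmp(enc, plain, shallow=False):
                state = "unchanged"              # copy still holds the encrypted bytes
            else:
                state = "recovered"              # distinct, non-empty copy exists
            report[state].append(os.path.relpath(enc, root))
    return report

def safe_to_delete_encrypted(report):
    """True only when every encrypted file has a distinct, non-empty restored copy."""
    return not (report["missing"] or report["empty"] or report["unchanged"])

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    sample = {"a.docx.locked": b"\x9f\x11", "a.docx": b"report text",
              "b.xlsx.locked": b"\x01\x02",
              "sub/c.pdf.locked": b"\x03", "sub/c.pdf": b"",
              "sub/d.txt.locked": b"same", "sub/d.txt": b"same"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return audit_decryption(root)

if __name__ == "__main__":
    print(demo())
```

A file listed as recovered only has a distinct, non-empty copy; whether that copy opens correctly still has to be checked by the people handling the recovery.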
Malware, viruses and ransomware are complex and dangerous. Working with your team and specialists is the only prudent action.
Remember, it is always better to be overly cautious about cyber security than to take a risk!