Your initial response to being hacked might be to panic.
Unfortunately, responding to a malware attack in a state of panic often worsens the effects and leaves your system in an even more vulnerable position.
To prevent a bad situation from getting worse, we’ve put together 5 critical steps to take when your system gets hacked.
Step #1 – Don’t Panic
This step is the most important, but in most cases, far easier said than done. So how do you go about keeping calm when you find yourself in this sticky situation?
As you feel the panic start to set in, take a step back for just one minute. Practice any calming technique that is effective for you, such as closing your eyes and taking a deep breath or taking a sip of cold water. Refrain from impulsive decisions, but understand that action must be taken quickly to prevent the virus from spreading to other devices.
Taking a minute to gather your bearings before addressing the attack will be time well spent as you approach the next steps with a clear head.
While it is important to keep calm, it is also important to be efficient. If you feel too anxious or too disoriented to go through this process, ask for assistance from another member of your team.
Step #2 – Isolate, then Identify, the Infection
Some viruses move very fast, so it is critical to detect and isolate infected devices quickly.
Once you’ve identified an infection (or even suspect a device may be infected), disconnect the affected device from all networks, both wireless and wired, and disconnect any external storage devices. The virus will actively seek out outgoing connections from infected devices, so be thorough when carrying out this step.
Any devices that may have shared a connection with an infected device should be quarantined as well, even if they have not shown any signs of infection. Malware will often sit dormant to avoid detection. To minimize the impact on your system, ensure that any device that may have come into contact with the infection is isolated until it can be assessed by an expert.
Most ransomware will identify itself upon infection and follow up with a request for ransom. This is designed as a fear-mongering technique on the part of the hacker, but it is also a double-edged sword, as it gives you an idea of what you are dealing with. If the ransomware does not identify itself, there are numerous sites that will help you identify it. A few examples of such websites include ID Ransomware, the No More Ransom! Project, and Crypto Sheriff.
Once you’ve identified the ransomware you are dealing with, you will be better equipped to understand how it works, what types of files it targets, and your options for disinfection and removal.
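As an added example (not part of the original article), the Python sketch below gathers two clues that help with identification: file names that appear in many directories since the suspected infection time (ransom notes are typically dropped in every folder) and the extension most often appended to recently changed files. The function names, the sample file names and the cutoff values are all constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

def triage(root, since_epoch, min_dirs=3):
    """Heuristic, read-only scan: list likely ransom-note names and the
    extensions appended to files modified after since_epoch."""
    note_dirs = {}          # lower-cased file name -> directories containing it
    ext_counts = Counter()  # last extension of recently modified files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            try:
                if path.stat().st_mtime < since_epoch:
                    continue  # untouched since before the suspected infection
            except OSError:
                continue      # unreadable or vanished file: skip it
            note_dirs.setdefault(name.lower(), set()).add(dirpath)
            # Encrypted files often keep the old name plus a new suffix.
            if len(path.suffixes) >= 2:
                ext_counts[path.suffixes[-1].lower()] += 1
    notes = sorted(n for n, d in note_dirs.items() if len(d) >= min_dirs)
    return {"note_candidates": notes, "appended_extensions": ext_counts.most_common(3)}

def demo():
    """Build a constructed sample tree (no real malware artefacts) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        old = Path(tmp, "archive")
        old.mkdir()
        (old / "old.tar.gz").write_text("x")
        os.utime(old / "old.tar.gz", (1_000_000, 1_000_000))  # predates cutoff
        for d in ("docs", "photos", "finance"):
            p = Path(tmp, d)
            p.mkdir()
            (p / "README_RESTORE.txt").write_text("constructed note")
            (p / f"{d}.xlsx.lockedx").write_text("constructed ciphertext")
        return triage(tmp, since_epoch=2_000_000)

if __name__ == "__main__":
    print(demo())
```

Run it against a read-only mount or image of the isolated device so that the scan itself changes nothing.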
Step #3 – Report the Attack
Although authorities may not have the power to fully resolve the effects of the infection, reporting all ransomware attacks provides intel for law enforcement to develop preventative measures and reduce the risk of future attacks on you and others.
Step #4 – Assess Your Options
When your devices are infected with ransomware, you are presented with only three options:
- Pay the ransom.
- Attempt to remove the malware.
- Wipe systems and start from scratch.
Paying the ransom is not recommended. At the very least, it will make you a more attractive target for future attacks. Additionally, in most cases, victims are not successful in unlocking the encrypted files even after paying the ransom.
This leaves you with the two remaining options: restore your system or start from scratch.
Step #5 – To Restore or Restart
Although attempting to remove the malware may seem the most logical option, in actuality, it is extremely difficult to do so. Fully removing a virus from an infected system while keeping the system intact requires advanced decryption and analysis. Because ransomware is constantly evolving, in most cases, decryption technology is not advanced enough to fully recover files affected by the latest malware strains. This constant evolution also enables traces of the virus to remain dormant and undetected after the system has been restored, waiting to attack again.
Thus, a complete wipe and start from scratch is the best option for most ransomware victims. Doing so is the surest way to know that all traces of the infection have been removed from your system.
If you’ve been diligent in creating backups of your files, it should be relatively easy to wipe your system and repopulate its data to a state close to the date of infection.
Preventative Measures
After suffering the effects of a ransomware attack, you will likely be eager to put preventative measures in place to avoid another attack. Whether or not you have experienced a ransomware virus, the following tips will be invaluable in minimizing your chances of becoming debilitated by a future infection and will put you in a stronger position to handle an attack should you be targeted:
- Install certified anti-virus and anti-malware software that automatically blocks known payloads from launching.
- Comprehensively back up all important files to an external network on a daily or weekly basis. It is also a good idea to keep offline backups on an external hard drive.
- Keep on top of installing security updates (i.e., install an update as soon as you are notified that it has become available).
- Do not open email links or attachments from unfamiliar sources.
- Segment your networks and turn off unnecessary network sharing connections.
- Give all users the lowest permissions required to complete their work.
- Restrict writing permissions on files as much as possible and use password protection on all sensitive information.
- Educate your employees and other network users on the above practices and update them on any new scams they may encounter.