You’ve Been Hacked – What Should You Do?
Signs You’ve Been Hacked
In today’s threat landscape it is a matter of when hackers will gain access to your computer or cell phone, not if. Proper layers of security keep most malware out of your system, and when malware does make it onto your system, containment reduces the impact, but none of us lives in an ideal world. The indicators that a hacker has gained access are not always apparent and may seem trivial or merely annoying, but if your computer closely matches the following signs, you might have been hacked.
- Your antivirus is displaying alerts that you have malware in quarantine or malware that is unable to be quarantined.
- Applications take significantly longer to open, or they crash.
- New icons for unknown applications on the desktop or in the Start menu.
- Your browser homepage changes without your knowledge or there are new add-ons/plugins.
- A program asks for permission to make changes to the system when you are not installing or uninstalling an application.
- Friends ask why you’re spamming them with emails or messages on social media.
- Your passwords no longer work when trying to log in to online systems (banking, social media) or your computer.
- Your cell phone has significantly less battery life, or you have higher data usage than average.
What You Should Do
- Antivirus: If your antivirus has alerted you to an infection, follow its recommendation. Most antivirus products will automatically quarantine and clean out the infection, but in some cases you must intervene if the antivirus is unsure whether it should quarantine a questionable file. Always quarantine the file unless you are sure that the file can be trusted. The antivirus usually provides links for more information on quarantined malware or guidance for any manual actions.
- Passwords: Change your online account passwords from a computer that you trust is not infected. Do not change passwords for online accounts from the infected computer, because the full extent of the malware might not be known, and it could include a keylogger or remote screen capture capability. Your email accounts should have a recovery email or use SMS for password reset.
- Fresh Start: If your computer is still experiencing reduced performance, or if you’re not comfortable using your computer after cleaning up the infection, you can use the operating system’s built-in utilities to reinstall the operating system. Your computer manufacturer should have instructions on how to reinstall the operating system. Do not restore your operating system from a backup because the backup could also contain malware. Resetting your cell phone is a straightforward process, and the option can be found in Settings. If you are unsure how to reset your cell phone, go to the manufacturer’s website, and if you don’t feel comfortable resetting or reinstalling an operating system, consult a professional. If your computer is more than 3 or 4 years old, you might be better off getting a new computer because the repair cost may exceed the value of your computer.
- Computer manufacturer websites for reinstalling or resetting an operating system:
Ransomware is special enough to have a section of its own. The FBI has given guidance that if the encrypted data is valuable enough (critical to business operations or irreplaceable), you should pay the ransom. If you keep regular backups, paying the ransom is less of an issue. Reinstalling the operating system and restoring your data from backups (local drive or cloud storage) is the ideal solution, but keep in mind that some ransomware variants can infect local drive backups, so it’s imperative to check the backup that’s on the drive before you make a decision.