You’ve Been Hacked. Now What?

Despite all your security efforts, sometimes hackers can still get the best of you. You opened an e-mail attachment that you probably shouldn’t have and now your computer has slowed to a crawl and other strange things are happening. Your bank called you saying there has been some strange activity on your account and your ISP has just “null routed” all traffic from your computer because they claim it is now part of a zombie botnet. Or a friend tells you that you’ve been sending them strange emails or spamming their social media pages with posts that you aren’t likely to send. All this and it’s only Monday.

If your computer has been compromised and infected with a virus or other malware, you need to take action to keep your files from being destroyed and also to prevent your computer from being used to attack other computers. Here are the basic steps you need to perform to get back to normal after you’ve been hacked.

How was my email hacked?

Your computer was most likely compromised in one of four ways:

  1. You do not have up-to-date security software installed.
  2. Your passwords are weak and easily hacked.
  3. You clicked on a malicious link in an email, IM conversation, or on a social networking site, or webpage.
  4. You downloaded a game, video, song, or attachment with malicious scripts or files attached

What to do after your email was hacked

  1. Isolate Your Computer. In order to cut the connection that the hacker is using to “pull the strings” on your computer, you need to isolate it so it can’t communicate on a network. Isolation will prevent it from being used to attack other computers as well as preventing the hacker from continuing to be able to obtain files and other information. Pull the network cable out of your PC and turn off the Wi-Fi connection. If you have a laptop, there is often a switch to turn the Wi-Fi off. Don’t rely on doing this through software, as the hacker’s malware may tell you something is turned off when it is really still connected.
  2. Scan Your Drive for Infection and Malware. Most hackers collect passwords using malware that has been installed on your computer (or mobile phone if you have a smartphone). No matter which operating system you use, be sure your anti-virus and anti-malware programs are up to date. Choose the setting that will automatically update your computer when new security fixes are available. If you’re already using an antivirus program, run an end-to-end scan of your computer. Look to see that all operating system updates are also installed. To find these, type ’(the name of your operating system) and updates’ into your search engine. Set your computer to update automatically so that you get protection from new attacks as soon as possible.
  3. Change Your Password. Do this after your anti-virus and anti-malware programs are updated or the hackers may collect your new password as well.
  • Strong passwords do not have to be hard to remember, they just have to be hard to guess.
  • Make your password at least 10 characters long, and use capital letters, lower case letters, numbers, and symbols.
  • Do not use information about yourself or someone close to you (including your dog or cat!) like name, age, or city.
  • Do not use words that can be found in a dictionary, these are easy for hackers to break, even if you spell them backward.
  • Text messaging shortcuts can help make strong, memorable password creation easier. For example L8rL8rNot2Day! translates to later, later, not today.
  • Studies show that the average email account has 130 password-protected accounts linked to it, so it’s no wonder passwords often aren’t as secure as they should be. A password manager can help you keep them in order and encrypted.
  1. Consider adopting two-factor authentication. Many email providers offer two-factor authentication (2FA) as an additional security measure. This method requires both a password and some other form of identification, such as a biometric or a mobile phone number, to access an account.
  2. Make a Complete Backup of Your System. Once everything is in pristine condition you should do a complete backup so that if this ever happens again you won’t spend as much time reloading your system. Using a backup tool that creates a bootable hard drive image as a backup will help speed up future recoveries immensely
  3. Smarten up about spam, phishing, and scams. Spam comes at us from all angles; in the mailbox in front of your home (junk mail) in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Now more than ever, it is important to be on the lookout for phishing scams.
  • You do not have a rich uncle you’ve never heard of in some foreign country trying to send you money. You have not won the lottery. No stranger is going to give you money for any reason. No hot babe is lonely and waiting for your response. The only things you’ll get via an unsolicited pharmacy offer is ripped off or an infection (on your computer or phone). If there really was a miracle weight loss cure, it would be front page news and on every TV station.
  • No reputable bank or company is ever going to ask you to ’authenticate’ information online. And if you get an email with a link to one of these sites, don’t use it; instead, use your search engine to find the site yourself, and then log in. If the message was legitimate, the message will be waiting for you in your account.
  1. Validate the legitimacy of any program, game, app, or video before downloading it.Of the millions of new or updated mobile apps analyzed by Webroot in 2017, 32% were determined to be malicious in nature. If the content is pirated, free, or comes to you anonymously, assume it has malware. Only download content that you have read good reviews about from sites you can trust.

Ensuring your account is protected should be a top priority. Having proactive monitoring solutions, and a team available for emergencies are two strategies that will help minimize damage and recover compromised systems. If you’ve been hacked and are unsure what to do next, let us know and we’ll work with you to create a strategy to protect your business.