Hopefully your computer is not already infected, but if it is, it is important not to panic or take drastic, spontaneous action to solve the problem. Doing so could make the problem worse and make recovery take longer. To respond effectively to a malware infection or data breach, follow this step-by-step process.
1. Stop the spread
Immediately disconnect the infected computer from the internet and any other connected devices. Malware is usually designed to spread to other computers on the network to maximize impact, so you need to contain the threat to minimize the damage. If applicable, also deactivate any Wi-Fi network the computer was connected to. This way you can be sure that the malware won’t spread locally and can’t communicate with the attacking party.
2. Identify the attack
Try to determine what kind of attack you have experienced and what kind of malware was used to make remediation easier and faster. Note the effects of the infection, and if the malware came with a message (such as a ransom demand), copy that down as well. We recommend hiring a cybersecurity consultant or forensic specialist, as they will typically be well versed in identifying the different types of malware and rooting out the source of the attack.
3. Log out of all connected accounts
If you have used the infected computer to access sensitive accounts, such as online banking or secure file storage, log out of those accounts on all devices ASAP. Use a different, safe device and go to the app’s security settings. There is often an option to log out all users and devices from the account regardless of location. While you’re there, change the passwords to all of these accounts, following strong password guidelines.
4. Alert stakeholders and relevant parties
The next important step is to alert your company’s IT services provider (cybersecurity team, IT department, MSP, etc.), or your personal tech support provider so they can prepare appropriate countermeasures. You should also inform those who might be affected by the attack, such as coworkers and clients. The alert should describe the type of attack, when it occurred, and what steps have been taken to mitigate the threat. It should also include steps the affected parties can take to protect themselves (e.g., change their passwords and check their account activity).
5. Run anti-malware programs
If you have up-to-date anti-malware software installed, do a full system scan. Hopefully the infection is a known one, in which case the program should quarantine or remove the malware. If this is successful, that’s a good start, but it does not mean the computer is now safe. More steps must be taken, and the computer still needs to be fully audited by a cybersecurity expert before it can be considered clean.
6. Back up critical data
If you haven’t already backed up the data on the infected computer, do this now to an external hard drive or secure cloud storage, not to another computer. This will ensure that if you have to wipe the device, you don’t lose anything important.
7. Perform a full memory wipe and reinstall
If you’re still unsure whether the device is fully safe, wiping the device and starting over fresh may be the best course of action to ensure the infection does not survive. A full reinstallation of the OS and any other installed programs will be required.
8. Remain vigilant
Even after the threat appears to have passed, you need to keep an eye on things to ensure nothing important has been compromised. Watch your financial activity carefully, and check your email and other channels for suspicious activity. The attack may have been brief, and you may have done everything right to fix it, but the malware could have already acquired sensitive information, so it’s up to you to make sure that cybercriminals can’t use it.
If your business in the Tampa Bay area has been the victim of a malware attack, contact predictiveIT today. We’ve been helping companies avoid and mitigate the damage of cyberattacks for over 20 years, and we can utilize our extensive expertise and cutting-edge cybersecurity tools to keep your business secure and productive.