Prevention and distrust are two concepts we can not forget when putting ourselves in front of a device. This is definitely clear after seeing how we are affected by the lack of security at home and at work, as well as knowing how to prevent a cyberattack.
And we will not stop saying it: conscience and good practices. Always remember that in terms of cybersecurity, every precaution is helpful.
But what happens when it’s too late? What should we do if we have been attacked by a cybercriminal?
In this fourth and last part of the guide, we will make a list of steps and recommendations to follow once we have been victims of some of the multiple threats already mentioned throughout this manual.
From knowing how to detect them, to how to face them, we bring you an index in which the emphasis will be on reacting in time and trying to minimize risks.
1. What to do if they impersonate your identity?
Among some of the symptoms that we can find if they have supplanted our identity are the following:
- You can not access your personal accounts with the credentials with which you normally use to login.
- You receive emails from purchases you have not actually made.
- Content is shared on your social networks from your account even if you have not published it.
- You do not get some of the bills you usually receive.
If we believe that we have been victims of identity theft, there are a series of steps we can take to respond to the incident and recover from it.
Close affected accounts immediately and change passwords
Luckily, we can avoid in time the attacker taking advantage of our resources if we freeze or change credit cards or bank accounts, as well as all access passwords, even those of our social networks or email.
It is always advisable to go to the financial institution in which we operate. We must ask for advice about the possible repercussions and the steps we must take in case the account has been affected by an attack.
Submit a report to the authorities
It is important to gather all the information possible, through screenshots, paper documents, links, email addresses, emails, messages… and give a report to the Police.
Contacting government agencies
It is not usual for cybercriminals to be behind this type of personal data, but if they have stolen documentation regarding the driver’s license or the social security number, we must contact the relevant social security offices.
2. What to do if I am a victim of a ransomware attack?
If they are asking us for a ransom to re-establish the normality of our equipment and return the decrypted information, then we are facing a ransomware attack.
Again we must act as soon as possible. First we must turn off our device, as it stops the encryption process.
On the other hand, trying to pinpoint the exact moment of the infection can help when identifying the type of ransomware or determine the extent of the attack once it has occurred.
Source: Panda Security
If we have backups, consider returning to a previous state in the system. This can be a very good option.
We should never pay the ransom. In this way we will only be encouraging the cyber criminals to commit these type of attacks and we are not sure that we will recover the information.
Once again, we must report the attack to the authorities of our country and contact a company specialized in cybersecurity so that it can help us solve the incident.
3. What do I do if my website goes down due to a DDoS attack?
Sometimes it is difficult to know if we are suffering a Distributed Denial of Service (DDoS) attack. If your website is down, it may be because of legitimate traffic and not because of an attack. The key to distinguishing it lies in the amount of time the service is down.
There are cases in which cyber criminals send an email to notify of the incident and force payment so the attack is avoided. In fact, to show that it is not a joke, they cause a brief interruption or an unexplained peak of traffic as a test.
What we must do once we confirm we are facing a DDoS is to contact specialists in mitigating these attacks to help us. It will be key to stop the attack.
Second, notify the place where we have hosted our website. In most cases the threats end up being false. However, it does not hurt to give the alarm and have as many resources as possible on our side.
Under no circumstance should we pay or get in touch with the extortionists, since we could encourage them to attack us again in the future.
4. USB infection and external memories
Having a virus or malware causes them to spread from one device to another, acting just like any other infection.
The pendrive is a frequent attack location, but also external hard drives, memory cards, iPods or MP3 players, digital cameras, etc.
A computer can be infected through an external device that contains a virus. The infection will be made automatically by simple connection if automatic execution is active for external devices. The simple fact of making a double click on our pendrive or external hard drive will infect the operating system.
We will know that we are infected if:
By double clicking to open the external devices connected to our computer, nothing happens.
When viewing hidden files and folders, we realize it contains some unknown files. We must never click on them, since we will be activating the virus if it has not been activated yet.
To eliminate any threat, the antivirus plays a very important role, so we want to remind everyone that having it always updated can avoid many setbacks. We must scan the external memory and the devices to which we have connected with the antivirus, as well as avoid using it on others if we have not made sure before we have completely eliminated any threat.
In any case it will always be recommended to reset the USB. However, we must bear in mind that by doing this, we have eliminated the risk this USB will continue to infect other devices, but our computer may still be infected, so we will have to make sure that we also eliminate the infection on all our devices. If not, our USB would get infected again when connecting it to a computer.
5. What to do if we have a virus on our computer
When our computer contains a virus we know it because all kinds of pop-ups and messages on the desktop usually appear, either announcing things, saying that the PC is infected and must be protected, etc.
It may be the case the virus is performing tasks that consume resources, which is why the computer can slow down. Another symptom is the fact that applications do not start, or another one we did not want to start is executed.
When we connect to the Internet, many windows may open or the browser displays unsolicited pages. This often happens since many of the threats are designed to redirect traffic to certain sites that the user has not chosen, and even to falsify directions making us think that we are entering a legal site when it is actually a copy of the original.
If we realize that some documents like photographs, certain folders, text files, etc. have disappeared from our computer, we should worry. It can be an infection.
Another feature of many computer threats is the disabling of the security system installed, such as antivirus or firewall. If just one gets closed, it can be coincidence; but if they are all disabled, it is almost an unequivocal symptom that we have become infected.
In the same way, if the languages of the applications are changed, the screen turns inside out, etc. we will have to apply the following recommendations:
- Disconnecting from the network: We must unplug the network cable, telephone or data from the equipment to try to prevent the data from reaching the attacker. The bots can also use our equipment as a zombie in a coordinated attack on a larger scale.
- Analyze our computer with an antivirus: A program with antivirus and antispyware functions can detect and often eliminate software threats from illegal activities that would otherwise remain hidden in the computer.
- Make backup copies of important information: A backup of our most valuable files, such as photos, videos and other work or personal files on a hard drive or removable media, such as a CD or DVD.
- Reinstall the operating system: Sometimes the only solution is to start over from scratch and reinstall the operating system of the computer.
6. What if I have a virus on my smartphone?
The use of smartphones is increasing and spreading among all generations.
This results in the increasing creation of viruses by hackers, who take advantage of the large amount of data traffic, which can put our privacy at risk.
The most common situation is when advertising starts to appear in the notification bar, also affecting the battery consumption or the speed of Internet connection. With this type of virus or malware it will be easy to deal with, while others, in the worst cases, will block the device completely and force us to pay to unlock it.
We must control the permissions we grant to the applications when we download them, since most establish some permissions that are configured automatically. For example, Google Maps asks to know in which location you are at all times, or certain applications have permission to the microphone or the camera of our electronic devices.
We must ask ourselves this question, is it really necessary? And the obvious answer is no.
If we do this, we will be able to know more easily which is the problematic application and which has the most probabilities of being the culprit of the infection of our smartphone.
Even if you think that by eliminating the application you have solved the problem, you should scan it with an antivirus to make sure. Once the analysis is finished, we can see not only the applications that are causing the problem, but also the files that have been affected.
After this, it is advisable to permanently delete those files, at least that way we will stop the infection and eliminate the virus or malware.
It never hurts to perform a second analysis to make sure that we have completely rid ourselves of the problem. And in case our passwords have been affected, we will have to change them.
We must always be prepared
Taking into account all the recommendations mentioned, we could summarize them in 5 stages or steps that we must follow to face any cybersecurity issue:
- Preparation: Have a safety plan to know how to act.
- Identification: Detect the attack, determine the scope of the attack and keep the parts involved up to date.
- Containment: Try to minimize the risks and the impact of the attack.
- Remediation: Stop the attack once the situation is controlled.
- Recovery: Return to normality.
Now that we know it is all about time, having the help of a cybersecurity company will make the process easier and faster. Therefore, do not hesitate to contact Open Data Security and we will advise you on how to avoid and deal with the main cyberthreats, as well as how to protect your privacy.
Whether you are a company or a private user, you can call us in case of an emergency.
Latest posts by Marta Arana (see all)
- Mr Robot: cyber security lessons at home and from the sofa - April 11, 2018
- No one is safe from cyberattacks, and celebrities are no exception - April 4, 2018
- Artificial Intelligence: should we be scared? - March 14, 2018