You’ve heard us talk a lot about hackers and how to protect your computer, BUT how do you know when you’ve fallen victim to a cyber attack and what should you do if it happens to you?
Remind me, what IS Ransomwear?
It’s basically when a hacker locks you out of your computer and you have to pay a ransom (usually in bitcoin) to regain access – not cool at all right?
Due to Covid-19 (booooo!), more and more companies are putting themselves at risk due to not having the right processes in place to work from home – in fact, it’s estimated there are more than a hundred calls to insurers every day relating to problems caused by ransomware…
So, how do I know if I’m under attack?
Ok, here’s the scary bit, it could have already happened. If a hacker gains access to your systems, they won’t strike straight away, they’ll bide their time and wait for the right moment. They’ll watch for your weaknesses, investigate your database and work out how best to maximise their profit… yep, we REALLY hate hackers.
- Check for open RDP links (Remote Desktop Protocol) – it’s Microsoft technology that allows a local computer to connect to and control a remote PC over a network or the internet. RDP links left open to the internet are a very common route for cyber criminals to enter your network. Scan for open RDP ports regularly, and utilise multi-factor authentication for your links (multi-factor authentication is where you generate a code on a separate device to prove it’s really you). Or have them behind a VPN (Virtual Private Network), which gives you a private network from a public internet connection.
- Keep an eye out for unexpected software – Often, cyber criminals will take control of just one PC first, perhaps using a phishing email to persuade someone to click on a bad link without realising it. Once they have control of one PC, they can then target the entire network.
- Monitor your admin – What’s the best way for hackers to download the applications they need? They create a new administrator account for themselves. Then they can download whichever tools they need to compromise your network. You need to be aware of software such as Process Hacker, IOBit Uninstaller, GMER and PCHunter. These are all legitimate tools which could be used by any IT specialist.
- Check out any disabled tools and software – You can tell that an attack is close to being launched if Active Directory and your domain controllers are disabled. Next, any backup data the criminals have found will be corrupted. And any systems that automatically deploy software will also be disabled, to stop your attempts to update your computers after an attack. Something called PowerShell will then be used to spread everything across your network.
Help, I’m under attack! What do I do?
Ok, don’t panic. Firstly, it’s important to regain control of your RDP sessions (remember, the remote access we mentioned earlier on). This will stop attackers coming in again. And will also cut off their control access. You can force a password change across your core systems, which will also throw your attackers out. However, it’s worth noting that this is pointless if your RDP access is not cut off and controlled, as the attackers will just re-enter.
Pick up the phone and get directly in touch with your IT support team (like us!). We’re the specialists who can stay calm in a crisis and get to work ensuring you win this battle vs the hackers.
We’ve got you covered.
If you’d like more info on the systems and tools we’ve mentioned in this blog, don’t hesitate to get in touch here and we can provide that for you, OR if you’re looking for an IT support team who work at expert level, then give us a call for that to..
