Risk & Business Magazine Nesbit Agencies Spring 2020 | Page 12
HACKED SYSTEM
5 First Steps To Take When Your System Gets Hacked
BY: WAYNE NESBIT, NESBIT AGENCIES
Your initial response to being
hacked might be to panic.
Unfortunately, responding
to a malware attack in a state
of panic often worsens the
effects and leaves your system in an even
more vulnerable position.
To prevent a bad situation from getting
worse, we’ve put together five critical steps
to take when your system gets hacked.
Of course, cyber liability coverage is also
integral to mitigating the risk and effects
of a ransomware attack. As important
as it is to prevent an attack, it is always best
to have cyber liability insurance in place
when it is needed.
STEP #1 – DON’T PANIC
This step is the most important, but in
most cases, far easier said than done. So
how do you go about keeping calm when
you find yourself in this sticky situation?
As you feel the panic start to set in, take a
step back for just one minute. Practice any
calming technique that is effective for you,
such as closing your eyes and taking a deep
breath or taking a sip of cold water. Refrain
from impulsive decisions, but understand
that action must be taken quickly to
prevent the virus from spreading to other
devices.
Taking a minute to gather your bearings
before addressing the attack will be time
well spent as you approach the next steps
with a clear head.
While it is important to keep calm, it is also
important to be efficient. If you feel too
anxious or too disoriented to go through
this process, ask for assistance from
another member of your team.
STEP #2 – ISOLATE, THEN IDENTIFY, THE
INFECTION
Some viruses move very fast, so it is critical
to detect and isolate infected devices
quickly.
Once you’ve identified an infection—or
even suspect a device may be infected—
disconnect the affected device from all
networks, both wireless and wired, and
terminate connections to any external
storage devices. The virus will be actively
seeking out outgoing connections from
infected devices, so be thorough when
carrying out this step.
Any devices that may have shared a
connection with an infected device should
be quarantined as well, even if they have
not shown any signs of infection. Malware
will often sit dormant to avoid
detection. To minimize the impact on your
system, ensure that any device that may
have come into contact with the infection
is isolated until it can be assessed by an
expert.
Most ransomware will identify itself upon
infection, followed by a request for ransom.
This is designed to be a fear-mongering
technique on the part of the hacker, but it
is also a double-edged sword as it gives you
an idea of what you are dealing with. In the
event that this does not occur on its own,
there are numerous sites that will aid in
identification of the virus. A few examples
of such websites include ID Ransomware,
No More Ransom! Project, and Crypto
Sheriff.
Once you’ve identified the ransomware you
have in play, you will be better equipped
to understand how it works, what types
of files it targets, and your options for
disinfection and removal.
STEP #3 – REPORT THE ATTACK
Although authorities may not have the
power to fully resolve the effects of the
infection, reporting all ransomware
attacks provides intel for law enforcement
to develop preventative measures and
reduce the risk of future attacks on you
and others.
STEP #4 – ASSESS YOUR OPTIONS
When your devices are infected with
ransomware, you are presented with only
three options:
1. Pay the ransom.
2. Attempt to remove the malware.
3. Wipe systems and start from scratch.
Paying the ransom is not recommended.
At the very least, it will render you more
susceptible as a target for future attacks.
Additionally, in most cases, victims are not
successful in unlocking the encrypted files
even after paying the ransom.
This leaves you with the two remaining
options: restore your system or start from
scratch.
STEP #5 – TO RESTORE OR RESTART
Although attempting to remove the
malware may seem the most logical