How to Know if You Have Been Hacked
In all of these scenarios, reinstalling the operating system is the best solution. That does not necessarily mean formatting the hard disk: system recovery functions (for example under Windows) or regular backups often provide sufficient precautions for emergencies. However, one thing must be clear: once a computer has been infiltrated, it can never be completely trusted again. How best to proceed in each case is described in detail under the individual points.
1) Ransom Note on The Screen
Has a blackmail note suddenly appeared on your screen out of nowhere? "Pay XXX dollars/euros by ... and you will get your data back", or something along those lines? Then you can very often assume that you were careless when reading and handling your email, and that you opened links and/or attachments that would have been better left closed. In this case: congratulations, you have become the victim of a crypto-Trojan, i.e. ransomware! But be careful: make sure that your data really is encrypted and that this is not merely a phishing attempt. The following video describes clearly how a crypto-locker attack actually unfolds:
What to do: If your data is already fully encrypted, hopefully you have an up-to-date backup that you can restore. If the encryption process is still running (which is rather unlikely once the blackmail message is displayed), you should switch off the computer, remove the affected hard drive (the one holding the data and the operating system) and hand it over to IT forensics experts; they may be able to save something.
If the data is already fully encrypted and you do not have a backup at hand, you can either research whether the crypto-Trojan in question and its encryption algorithm are already known and whether countermeasures exist (which you can then apply), or wait and see whether the encryption is cracked in the near future. Under no circumstances should you put the hard drive in question back into operation: some Trojans automatically destroy the encrypted data after a certain period without payment of the ransom. It is better to install a fresh disk and reinstall the operating system on it. It may be possible to recover the "old" data later.
If all of this is too time-consuming for you, you have two further options: you write off the data, swallow your annoyance and set up the computer again. Or you pay the ransom. Experts advise against this, but in some cases it is the only way to get important data back. As a rule, your data will be decrypted after payment, since otherwise the blackmailer's "business model" would not work. However, there is no guarantee of this. In any case: be more careful next time!
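The first thing the text asks for is to verify that the data really is encrypted rather than taking the ransom note at its word. The following is an added example (not part of the original article) that triages a handful of files the way a first responder would: a file whose format header is intact is readable, a file whose bytes are near-random is very likely ciphertext, and the overall picture is mapped onto the three situations above (hoax, encryption still running, data fully encrypted). The sample files and the 7.0 / 6.0 entropy thresholds are assumptions chosen for this illustration.

```python
import hashlib
import math
from collections import Counter
from typing import Dict

# Leading bytes of common document formats; an intact header means the file was not encrypted.
MAGIC = {b"%PDF": "pdf", b"\x89PNG": "png", b"PK\x03\x04": "zip/office", b"\xff\xd8\xff": "jpeg"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, well below 6 for text and most documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return "intact:" + name
    h = shannon_entropy(data[:65536])  # the first 64 KiB is enough to judge
    if h > 7.0:
        return "likely-encrypted"
    if h < 6.0:
        return "plaintext-or-low-entropy"
    return "inconclusive"

def triage(samples: Dict[str, bytes]) -> Dict[str, str]:
    return {name: classify(data) for name, data in samples.items()}

def verdict(results: Dict[str, str]) -> str:
    # Map the per-file picture onto the three situations the article distinguishes.
    enc = sum(v == "likely-encrypted" for v in results.values())
    if enc == 0:
        return "files readable: ransom note may be a hoax or phishing"
    if enc < len(results) / 2:
        return "partially encrypted: encryption may still be running, power off now"
    return "data encrypted: treat as a real ransomware incident, restore from backup"

def constructed_samples() -> Dict[str, bytes]:
    """Constructed stand-ins for a user's files (not real data)."""
    text = b"Quarterly report: revenue up 3%. " * 200
    pdf = b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 50
    def scrambled(seed: int) -> bytes:  # deterministic high-entropy bytes standing in for ciphertext
        return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))
    return {"report.txt": text, "invoice.pdf": pdf,
            "photo.jpg.locked": scrambled(1), "budget.xlsx.locked": scrambled(2)}

if __name__ == "__main__":
    results = triage(constructed_samples())
    print(results, verdict(results))
```

On a real machine, read the sampled files from the affected disk (mounted read-only on a clean system) instead of `constructed_samples()`.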
2) Fake Antivirus Messages
Fake virus scanner alerts are one of the surest signs that the system has been compromised. Many users are not aware that by the moment such a message appears, the damage has already been done. Clicking "No" or "Cancel" to stop the fake virus scan is of course not enough: the malware has already exploited existing security gaps and penetrated the system. Popular entry points are, for example, the Java Runtime Environment or Adobe products.
The question remains: why does the malware trigger this "virus warning" at all? Quite simply: the alleged scan, which invariably turns up huge numbers of "viruses", serves as a lure to buy a product. If you click on the link shown, you are taken to a professional-looking website plastered with positive customer reviews and recommendations. There, credit card numbers and other billing data are requested, and still far too many users fall for this scam and voluntarily hand their identity over to the criminals without even realizing it.
What to do: Turn off your computer as soon as the fake antivirus message pops up. (Caution: you must of course know what a "real" message from your virus scanner looks like.) If something needs to be backed up and this can be done without problems, do it. But the faster the computer is shut down, the better. Then restart in "safe mode" (without a network connection) and uninstall the software that was installed beforehand (which often works).
However, it is important to bring the system back to the state it was in before the compromise. If this succeeds, the system should start normally again and no more fake messages should appear. What remains is a comprehensive system check and a complete virus scan to remove the last remnants of the malware.
Tip: Install advanced security software like Protegent antivirus software.
3) Unwanted Browser Toolbars
Probably the second most common sign of infiltration: the browser comes with various new toolbars, all of which promise to be helpful. Unless it is a product from a well-known vendor (and even then), these extensions should be removed.
What to do: Most browsers allow you to display all installed toolbars. Remove any that you don't necessarily want to keep. If the suspicious toolbar is not listed or if it cannot be easily deleted, the browser should be reset to its default settings. If that doesn't work either, proceed as described under "Fake Antivirus Messages" above.
Most malicious toolbars can be prevented simply by keeping all installed applications up to date, and by paying a little attention during the setup of free software to what is about to be installed and deactivating the corresponding toolbars.
4) Redirected Web Searches
Cybercriminals earn money when Internet users "end up" somewhere other than where they actually wanted to go. The clicks on a certain website are converted directly into cash for them, often without the site operator even knowing that the traffic comes from redirected visitors.
This type of malware can be found quickly in infected browsers using a search engine: simply type in some very generic words such as "goldfish" or "puppy" and check whether the same websites appear repeatedly in the result lists; these usually have hardly any reliable relation to the search term. Unfortunately, many of today's web search redirects are so well camouflaged and hidden with the help of various proxy servers that the falsified results are seldom directly visible to affected users. Often it is also toolbars that trigger the redirects. The traffic in and out of a compromised computer differs significantly from that of a clean computer.
What to do: As mentioned earlier, remove toolbars and other malware - that should be enough.
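The "goldfish"/"puppy" test above can be made systematic: collect the result URLs of several unrelated generic searches and flag any domain that shows up across all of them, since a site with no relation to any of the terms has no business ranking for every one. This is an added example, not code from the article; the result lists are constructed, the `.example` domains are placeholders, and the small allowlist of reference sites (which legitimately appear for almost any noun) is an assumption you would extend for your own environment.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

# Sites that legitimately rank for almost any generic noun; extend for your environment (assumption).
REFERENCE_SITES = {"en.wikipedia.org", "www.merriam-webster.com"}

def domain_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()

def suspicious_domains(results: Dict[str, List[str]],
                       min_queries: Optional[int] = None) -> Dict[str, Set[str]]:
    """Return domains that recur across at least `min_queries` unrelated searches.

    `results` maps each generic query to the list of result URLs it produced.
    By default only domains present in every query's results are flagged.
    """
    needed = len(results) if min_queries is None else min_queries
    seen: Dict[str, Set[str]] = defaultdict(set)
    for query, urls in results.items():
        for url in urls:
            d = domain_of(url)
            if d and d not in REFERENCE_SITES:
                seen[d].add(query)
    return {d: qs for d, qs in seen.items() if len(qs) >= needed}

# Constructed sample: result lists as a user might copy them from three unrelated searches.
SAMPLE_RESULTS = {
    "goldfish": ["https://en.wikipedia.org/wiki/Goldfish",
                 "https://best-deals-now.example/offer?id=1",
                 "https://aquarium-care.example/goldfish",
                 "https://shop-portal.example/landing"],
    "puppy": ["https://en.wikipedia.org/wiki/Puppy",
              "https://dog-training.example/puppies",
              "https://best-deals-now.example/offer?id=2",
              "https://shop-portal.example/landing"],
    "teapot": ["https://best-deals-now.example/offer?id=3",
               "https://en.wikipedia.org/wiki/Teapot",
               "https://tea-history.example/teapots"],
}

if __name__ == "__main__":
    for domain, queries in suspicious_domains(SAMPLE_RESULTS).items():
        print(f"{domain} appears for every query: {sorted(queries)}")
```

Comparing the flagged list from the suspect machine with the same searches run from a known-clean machine separates a redirect from a domain that simply advertises broadly.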
5) Common Pop-Up Windows
Pop-up windows are annoying. But they are also evidence that the computer has been hacked. If websites that are not usually known for such behaviour deliver random browser pop-ups, the system has been infiltrated. It is always exciting to see which pages can bypass the browser's anti-pop-up mechanism. It's like fighting spam, only worse.
What to do: Typically, such pop-up windows are generated by one of the three cases already described. Removing toolbars and other malware helps here too.