What to do if you think you have been hacked...

What To Do Next?

This is not a simple answer to give but its something that we get asked all of the time, so here are some basic tips to keep in mind.

To best explain we will go through a couple of scenarios that may be common incidents in your day to day lives and give some basic recommendations of what you should do.

By Craig Ford - Cyber Security Specialist

Phishing/fraud emails

Saying that they have breached your accounts and want you to pay a ransom or they will share all of your history.

This type of scam email is hitting inboxes all over the world in large numbers lately and although not technically a breach, because they are indicating that they have breached your systems it was enough to add it in. Hopefully, we can help make some of you feel much more comfortable that you haven’t actually been breached.

What should you do in this situation:

  1. Firstly, just to be safe, reset your passwords (if you don’t have 2factor authentication configured, talk to us about this please).
  2. If you are still unsure if you’ve been breached or not – send the email through to our security team and we will check it out for you and advise what your next step should be.
  3. Delete the email and forget all about it.

Ransomware or viruses on your machine

This will probably be the type of incident that most will have possibly already experienced. Unfortunately, it is a huge problem that has only been getting worse over the past 12 months especially ransomware.

You walk in after lunch and you see a ransomware message on your screen saying that all your files have been locked and it will cost you $$$ in bitcoins to get them unlocked. What should you do now?

  1. Unplug your network cable from the wall socket or computer, switch off the wireless on your device if that is how you connect to the network.
  2. Turn off the device.
  3. Notify the rest of the organisation that the infection has occurred and see if anyone else has seen similar messages or funny things occurring on their systems? If so, repeat steps one and two on that device.
  4. Contact your IT department or an external security team (Like Davichi) so that we can investigate the incident and make sure that all other machines are clean. If not we will take action to clean systems up. If no other issues are found we will organize to clean your device and restore backups to ensure you lose minimal data.

Strange activity or very slow systems

This type of incident or breach is a little harder to detect especially if your systems are not monitored with a reliable security platform.

Have you noticed PC’s being logged in at strange hours, emails being sent that are not being sent by you or you are receiving bouncebacks? What about your systems dramatically reducing in performance (this one could be many things but certainly could be a systems breach).

If you think that a breach has occurred what should you do?
  1. Nothing… yes, that is correct, do not pull out cords, and do not run antivirus scans. DO NOTHING with the systems that you believe could be breached. This is important as you will damage any evidence of the breach, you may alert the malicious actor if they are on your systems that you know they are there. We know this is against human nature to just do nothing but please follow this recommendation. It could be the difference in catching the malicious actor or not.
  2. This is the stage you do something – reach out to the Davichi security team, tell us what you feel has occurred and give us all of the information that you have on the situation so that we know what we are looking for.
  3. Davichi will then investigate the incident and report the results of our investigation to you and if necessary work with you to engage the support of AFP, State Police Services or ACSC (JCSC – Joint Cyber Security Centre) if needed.
  4. Once the investigation has taken place systems can then be cleaned and restored to full functionality with passwords reset.

We hope that the above advice will help you all feel more comfortable about what you should do in case of a security incident or breach. It is important that we react as best we can to these types of events as the right decision could make the difference in full systems lost or just a minor inconvenience.

If you would like Davichi to help improve your security awareness or overall systems security reach out to our security team via cybersecurity@davici.com.au or via our office number and one of the team will discuss this with you.

Need more information?

For more information, Click Contact Us, or call us on +61 7 3124 6059 and speak to a Davichi Representative Today!

Latest News

What is Penetration Testing?

What is Penetration Testing? Penetration testing is a security evaluation executed exactly as a real attacker would. System vulnerabilities are discovered and exploits are launched

Read More »

Lets Talk

Please fill in this form, and our sales team will get back to you as soon as possible.