Get Your Computer Back: What to do After You’ve Been Hacked

No matter how cautious you may be with technology, you are constantly a target for new and emerging cyber threats which could eventually lead to your computer and/or mobile devices being compromised…or, as some say, HACKED!

First things first, DON’T PANIC.    

The faster you are able to detect you have been hacked, the better. Here are a few signs to watch for:

  • The anti-virus software on your device triggered an alert that your system was infected, or you need to remove/quarantine certain affected files.
  • Your device or applications keep crashing and browser windows or pop-up boxes keep opening up outside of your control.
  • Unknown app icons appear on your device.
  • New accounts (which you did not create) emerge.
  • New programs (you did not personally authorize) start running on your device.
  • Your internet browser homepage has changed unexpectedly or you are automatically directed to websites you did not consent to.
  • A program requests your authorization to make changes to your system when you are not actively installing or updating any applications.
  • Your password no longer works when you try to log in to you device or an online account, even though you know it’s correct.
  • Your friends have received spam emails or phishing messages sent on your behalf from your accounts.  
  • Your mobile device suddenly has unexplained high data or battery usage.

Responding to a Hack

If any of these symptoms occur on your device, immediately disconnect from the network. If it is a mobile device, turn airplane mode on.

  • If the computer or device was provided to you by the University or is used for University business, DO NOT try to fix the problem yourself. Contact your departmental IT Professional or call the IT Tech Support number. You are required to report the incident as well. Please review the mandatory reporting requirement at https://www.umsystem.edu/ums/is/infosec/hr-mandatory-reporting.   

If it’s your own personal device/computer, follow these steps to avoid any long-term damage:

  • Change your passwords on your computers, mobile devices AND all of your online accounts. Do NOT use the hacked computer to change the passwords: use a device or computer that you know is secure enough to change your passwords.
  • Follow instructions from your anti-virus software. Most anti-virus software programs have links to follow with steps on how to quarantine, clean or delete the infected file.
  • Rebuild your device. This is a more secure way to be sure that your system or the infection has been fixed. Rebuilding instructions can be found inside your system’s manufacturer’s instruction guide. If you’re using an old device or computer, it may be cheaper for you to just replace the device rather than try and rebuild it. Once your device has been rebuilt (or you purchased a new one) make sure it is updated with the most current software and enable automatic updating when you can.
  • Enable automatic backups, if available. The most important step you can take in protecting your device is backing it up regularly, and periodically checking that you are still able to restore those backed up files. This may be one of the only ways you can recover your information after being hacked!

Resources:

  1. SANS (2016). “I’m Hacked, Now What?” Retrieved from: https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201604_en.pdf

Last updated: September 14, 2017