First port of call in the event of a cyberattack
Are you a victim of a cyberattack and do you think that the attack is still under way?
If so, take the steps below. You can limit the consequences of the attack if you act quickly.
You can report the incident or request support from the CERT using the following form.
1. Isolate the infected computer or computers
If you know which computers are infected, disconnect them from the internet and from the company’s local network. DO NOT turn off the computer as this will erase traces left behind by the perpetrators.
2. Look for traces
This is the responsibility of the IT specialists. They will examine the infected computer and try to find traces that betray the pattern of the perpetrator, e.g. changes to the system files, configuration files or company data. They will also check whether the perpetrators have installed malware. Finally, all the log files in the system must be examined thoroughly.
3. Restore the system
The only way to ensure that a computer no longer has a back door open or other malware installed by the perpetrator is to do a full reinstall of the operating system together with the installation of all security patches before the infected computer is once again connected to the company network. You can only do this if you have a back-up of your data because, with the reinstall, all data will be lost.
It is also advisable to change your passwords because it is possible that the perpetrator has them in his or her possession.
4. Prevent a new attack
- It is imperative that the anti-virus software and all the applications installed on the workstation are up-to-date.
- Install a firewall and IDS system.
- Ensure that there is a good password policy.
5. Submit a complaint to the police
Submit a complaint at the local police station.