Recovering from a malware infection


Even the smartest people fall for the common cyber tricks

From time to time I hear from old friends, former work colleagues or people I’ve presented to who have been directly impacted by cyber crime and need some help or advice. Some have fallen victim to a phishing email and been infected with some form of ransomware or keystroke logger; worse, some have fallen for a social engineering trick that involved allowing hackers to connect remotely to their computer. Believe me – even the smartest people fall for some of these sorts of scams!

When you know that your computer or device has been infected with malware, or you’ve given remote access to hackers, it’s very unnerving. However, I’ve often found that most people affected believe that everything can be made good again just by running a quick virus scan, after which the problem goes away. I wish it were that foolproof. Whilst most anti-virus and security vendors do a pretty good job, it’s unfortunately not that simple. There is a continuous cyber arms race, or what others call a game of cat and mouse, in which new vulnerabilities are always being found and in some cases weaponised by cyber attackers before the security vendors and IT software organisations have a chance to catch up.

That’s why I thought it would be useful to write up this article, so people have some easy-to-follow instructions for what to do when they do get hit with malware.


How might you get infected in the first place?

There’s a variety of ways in which you might accidentally get infected with malware. It might be as simple as falling for a phishing email that asks you to open an attachment or link, or it might happen when you’ve done something you probably shouldn’t have – such as downloading and attempting to install a pirated copy of Microsoft Office or another popular (but illegally pirated) software product. In other cases it might be a file you downloaded when attempting to get hold of the latest movie online. I’m not endorsing illegal software or pirated media; however, I know that these are often the reasons why people get infected in the first place.

In rarer cases (but it does sometimes happen), you might have done nothing illegal but fallen for a social engineering trick – someone calls your home phone and convinces you that there’s a problem with your computer and that you need to download some ‘software’ to clean up the mess. You give them full remote connectivity to your machine to help you… which gives them an opportunity to install other malicious software, such as keystroke loggers or credential-grabbing utilities, in order to gain further access to your online accounts. There are plenty more ways, but these are some of the recurring scenarios I’ve heard from people contacting me directly.


OK – so surely antivirus will save the day?

Whilst most antivirus programs can detect and clean up most malware, they do not always detect the very latest threats out there. If you don’t believe me, go and check out some of the detection rates from independent testers such as https://www.av-test.org, or if you ever receive a malicious file, submit it to https://www.virustotal.com and see how many of the antivirus engines detect it – that’s exactly what the malware writers do when they create new versions.

The other myth is that malware gets the blame whenever someone is impacted by cyber crime. Malware is a broad term that encompasses viruses, worms and trojans, as well as adware, spyware and others. In most cases, if you run an antivirus scan on any computer, the product will more than likely detect or report ‘malware’ that is in fact adware or some other very low-risk threat. People then think everything is hunky-dory when the antivirus product informs them that it has cleaned the malware and all is good. But could you guarantee that this was actually the case?


Cleaning up after a malware infection or remote access trick

If your computer has been infected with malware, or you installed software under the direction of a scammer, you need a fresh install of your computer’s operating system. No other option guarantees that your computer is clean and malware free. Sure, you could clean up with a virus scan, but is it really completely gone? Only a wipe and rebuild will assure that.

Most people don’t want the hassle of having to rebuild or reset their device, as it means they lose all of their installed programs, files and so on. Yes, it is inconvenient, but if the infection is not properly dealt with and fully eradicated, there is a real possibility of being hit again by the same malware.

There are a few different ways to re-install your operating system; however, the only way to guarantee that you are malware free is to wipe the drive (format it) and re-install from clean installation media.

This is what you need to do:

1. Disconnect your infected computer from your network, and physically turn it off to cut all connections. This ensures that if hackers have remote connectivity to your computer, they lose their access, and you can safely fix the problem.

2. You then need to buy a clean 8 GB USB stick from your local store, and find a friend or colleague with a healthy computer that hasn’t been impacted by malware!

3. Use your friend’s computer to download the Microsoft media creation tool and set up the USB stick with the files you need to install: https://www.microsoft.com/en-us/software-download/windows10

4. You then need to plug the USB drive into your infected Windows 10 computer, boot off the USB stick and work through the install process. Most computers will automatically attempt to boot off the USB drive; however, in some cases you might need to change the BIOS boot priority to do so. Here’s a quick article on how to do this: http://www.boot-disk.com/boot_priority.htm

5. Once you’ve completed the install, install your security software of choice as soon as you have a clean version of the operating system running, and ensure all patches are installed on your Windows 10 device or Apple OSX computer before use. This guarantees that your machine is free from infection. Additional Windows re-install instructions are here, and Apple OSX instructions are here.


Lastly, we need to cover the importance of backups and restores

I’ve spoken to lots of business owners and individuals about backups and what constitutes a good option. I’ve met some people who literally have a handful of USB drives: once a week they copy all of their important files to one, unplug it and leave it in a safe. Some use more business-grade solutions such as online services, and others use more traditional options such as hardware backup media created on site and stored securely at an offsite location.

Basically, having a backup of your important files is a good step; however, it’s not a 100% guarantee that you are completely protected. One example is a business owner I met who told me how he got caught out. He used a rotating three-week backup cycle (three different backups, rotating once per week), but he had been infected with ransomware without knowing it, and it had worked its way through all of his files and encrypted them. He didn’t realise until too late, when he discovered that his backups contained not the original files but the encrypted ones – so he had no viable backup to restore his files from.

The other thing about backups is that you need to check that you can actually restore from them – and know that the restore works. Something to consider!
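As an added example (not from the original post), here is one way to make that check concrete in Python: record SHA-256 hashes of your files while they are known good, then verify each backup set against that manifest before it is rotated, flagging changed files that now look like random bytes, which is exactly what the silently ransomware-encrypted backups in the story above would have looked like. File names, sample contents and the entropy threshold are constructed for the demonstration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # heuristic: ciphertext nears 8 bits/byte, documents sit far lower

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root: str) -> dict:
    """SHA-256 of every file under root, keyed by path relative to root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def verify_backup(manifest: dict, root: str) -> dict:
    """Compare a backup tree with a manifest taken while the data was known good."""
    report = {"missing": [], "changed": [], "suspicious": []}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            report["missing"].append(rel)
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != expected:
            report["changed"].append(rel)
            if shannon_entropy(data) > ENTROPY_THRESHOLD:  # near-random: encrypted, not edited
                report["suspicious"].append(rel)
    return report

def demo() -> dict:
    """Constructed scenario: a good backup, then one file silently encrypted."""
    root = tempfile.mkdtemp()
    for name in ("invoice.txt", "notes.txt"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(f"Quarterly figures for {name}\n" * 40)  # constructed sample data
    manifest = build_manifest(root)  # taken before the incident
    with open(os.path.join(root, "invoice.txt"), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for ransomware output
    return verify_backup(manifest, root)
```

Run `demo()` to see the report: `invoice.txt` is listed as both changed and suspicious, which is the signal that would have saved the three-week rotation above from being overwritten with ciphertext.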

If you have any comments, feedback, questions or something to add, please feel free to comment below.


Feel free to contact me directly if you have any issues, or need more help.