I'm Hacked, Now What?

I'm Hacked, Now What?
Most of you care about protecting your computer and mobile devices and take steps to secure them.  However, no matter how securely you use technology, you may eventually be hacked or “compromised.” Check out these tips to help you determine if your computer or mobile device has been hacked and, if so, what you can do about it. 

Clues You Have Been Hacked

It can be hard to determine if you have been hacked, as there is often no single way you can figure it out. Instead, hackers usually leave several indicators. The closer your system matches any of these indicators, the more likely it has been hacked.
  • Your anti-virus program has triggered an alert that your system is infected, particularly if it says that it was unable to remove or quarantine the affected files.

  • Your browser’s homepage has unexpectedly changed or your browser is taking you to websites that you did not want to go to.

  • There are new accounts on your computer or device that you did not create, or new programs running that you did not install.

  • Your computer or applications are constantly crashing, there are icons for unknown apps, or strange windows keep popping up.

  • A program requests your authorization to make changes to your system, though you’re not actively installing or updating any of your applications.

  • Your password no longer works when you try to log into your system or an online account, even though you know your password is correct.

  • Friends/colleagues notify you that they are receiving emails from that you did not send (typically ones that they would classify as spam).

  • Your mobile device is causing unauthorized charges to SMS numbers (pay attention to your monthly mobile device bills).

  • Your mobile device suddenly has unexplained very high data or....battery usage (your battery dies rapidly on a relatively new device).
Look for multiple indicators and take the following steps if you suspect your device has been compromised. 
How to Respond
If you believe your computer or device has been hacked, the sooner you respond the better. 
If it is a device/machine owned by Lexington City Schools: 
  • Run an Anti-Virus Scan on a Computer: If your computer is behaving abnormally, run a scan of all files. Click this link for instructions on how to "Scan Your Computer for Infected Files/Virus."

  • Report It:  Do not try to fix the problem yourself. Not only can you cause more harm than good, but you could also destroy valuable evidence that can be used for an investigation. Instead, report the incident right away to the tech department in the form of a Tech Ticket. Even if you are not sure if you have been hacked, it is far better to report it just in case. If your ran a scan and it came back with information about a suspected file that is infected, include that information in the Tech Ticket.

  • Disconnect from All Networks:  If it is a work device and you suspect a problem outside of work hours, you should disconnect your computer or device from the all networks and then put it in sleep, suspend, or airplane mode. Be sure to enter a Tech Ticket as soon as possible. 
If it is your Personal computer or device, here are some steps you can take:
  • Change Your Passwords: This includes not only changing the passwords on your computers and mobile devices, but for all of your online accounts. Be sure you do not use the hacked computer to change the passwords. Instead, use a different computer or device that you know is secure to change the passwords.

  • Anti-Virus: Use anti-virus software on computers. Then, if your anti-virus software informs you of an infected file, you can follow the actions it recommends. This usually can include quarantining the file, cleaning the file, or deleting the file. Most anti-virus software will have links you can follow to learn more about the specific infection. When in doubt, quarantine the file. If that is not possible, then delete it.

  • Rebuilding: If you are unable to fix the infection or you want to be absolutely sure your system is fixed, a more secure option is to rebuild it. 
         **For computers, follow your system manufacturer’s instructions, which usually means reinstalling the operating system. Never reinstall the operating system from backups; they may have the same vulnerabilities that allowed the hacker to originally gain access. Backups should only be used for recovering your data. 
         **For mobile devices, follow the instructions from your device manufacturer or service provider, which should be on their website. In many cases, this may be as simple as restoring your mobile device to factory default settings. 
         **If you feel uncomfortable with the rebuilding process, consider using a professional service to help you. Or, if your computer or device is old, it may be easier and even cheaper to purchase a new one. Finally, once you have rebuilt your computer or device (or purchased a new one) make sure it is fully updated and current, enable automatic updating whenever possible, and use current anti-virus software. 

  • Backups: The most important step you can take to protect yourself is to prepare ahead of time with regular backups. The more often you back up, the better. Some solutions will automatically back up any new or changed files every hour. Regardless of which backup solution you use, periodically check that you are able to restore those files. Quite often, recovering your data from backup is the only way you can recover from being hacked.

  • Law Enforcement: If you feel in any way threatened, report the incident to local law enforcement.
Ultimately, the quicker you detect something is wrong and the faster you respond, the more likely you can reduce the harm a cyber attacker can cause.