Did someone hack Bing?


In all of these scenarios, reinstalling the operating system is the best solution. That does not necessarily mean formatting the hard drive: system recovery functions, for example those built into Windows, or regular backups often provide sufficient precautions for an emergency. One thing must be clear, however: once a computer has been infiltrated, it can never be completely trusted again. How best to proceed in each case is described in detail under the individual points.

Ransom note on the screen

Has a blackmail message suddenly appeared on your system out of nowhere? "Pay XXX Dollars / Euro by ... if you want your data back" or something similar - then you can very often assume that you were careless when reading and handling your e-mails and opened links and/or attachments that would have been better left closed. In this case: congratulations, you have fallen victim to a crypto Trojan, or ransomware! But be careful: make sure that your data really is encrypted and that it is not a phishing attempt! The following video clearly describes how a Crypto-Locker attack works:

What to do: If your data is already fully encrypted, you hopefully have an up-to-date backup that you can restore. If the encryption process is still running (which is rather unlikely once the blackmail message is displayed), switch off the computer, remove the affected hard drive (the one holding the data and the operating system) and hand it over to IT forensics experts - they may still be able to save something.

If the data is already fully encrypted and you do not have a backup at hand, you can either research whether the crypto Trojan in question and its encryption algorithm are already known and countermeasures exist (which you can then apply), or wait and see whether the encryption is cracked in due course. Under no circumstances should you put the hard drive in question back into operation - there are Trojans that automatically destroy the encrypted data after a certain period of non-payment of the ransom. It is better to install a fresh disk and reinstall the operating system; it may be possible to recover the "old" data later.

If all of this is too (time-)consuming for you, you have two further options: you write off the data, get annoyed and restart the computer. Or you pay the ransom. Experts advise against this, but in some cases it is the only way to restore important data. As a rule, your data will be decrypted after payment - otherwise the blackmailers' "business model" would not work. However, there is no guarantee of this. In any case: be more careful next time!
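The advice above to "make sure that your data really is encrypted" before reacting to a ransom note can be turned into a quick triage. The following script is an added example, not part of the original article or of any product it mentions: it reads the first few kilobytes of each file, checks for a known file signature (a constructed, deliberately short table) and otherwise measures the Shannon entropy of the bytes. Genuine ciphertext has its header destroyed and sits near 8 bits per byte; a file that was merely renamed to a scary extension, or a ransom note dropped into a folder, still reads as ordinary text. The sample folder and the entropy threshold of 7.5 are assumptions made for this demonstration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Magic bytes of a few common file types. A constructed, deliberately short
# table for this example; real triage would use a fuller one (or python-magic).
MAGIC_BYTES = {
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed cut-off); ciphertext is ~7.9+, text ~4-5


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte, 0..8. Ciphertext and compressed data
    sit near 8; natural-language text or configuration files sit around 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_bytes(head: bytes) -> str:
    """Verdict for the first bytes of a file:
       'intact'     - starts with a known file signature, so it was not encrypted
       'encrypted?' - no signature and near-random bytes
       'readable'   - no signature but low entropy (text, config, merely renamed file)"""
    if not head:
        return "empty"
    for magic in MAGIC_BYTES:
        if head.startswith(magic):
            return "intact"
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "encrypted?"
    return "readable"


def classify_file(path: str, sample_size: int = 4096) -> str:
    """Classify a file by its first sample_size bytes (file name is ignored on purpose)."""
    with open(path, "rb") as f:
        return classify_bytes(f.read(sample_size))


def triage_directory(root: str) -> dict:
    """Walk a directory tree and count verdicts. Ransom notes and renamed-but-readable
    files land in 'readable'; genuinely encrypted files land in 'encrypted?'."""
    counts = {"intact": 0, "encrypted?": 0, "readable": 0, "empty": 0}
    for dirpath, _, files in os.walk(root):
        for name in files:
            counts[classify_file(os.path.join(dirpath, name))] += 1
    return counts


def pseudo_ciphertext(length: int) -> bytes:
    """Deterministic near-random bytes standing in for real ciphertext (constructed)."""
    out, block = b"", b"seed"
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


def demo() -> dict:
    """Build a constructed sample folder, triage it, and return the per-file verdicts."""
    text = b"Quarterly report: revenue up 4% on the previous quarter.\n" * 60
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "report.txt": text,
            "report.txt.locked": text,                      # renamed, but NOT encrypted
            "scan.pdf": b"%PDF-1.4\n" + text,               # header still intact
            "photos.zip.locked": pseudo_ciphertext(4096),   # header gone, random bytes
            "README_DECRYPT.txt": b"Pay XXX to get your files back",  # the ransom note
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        per_file = {name: classify_file(os.path.join(d, name)) for name in samples}
        per_file["_summary"] = triage_directory(d)
    return per_file


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

Run it against a copy of the affected folder (never against the only copy, and ideally from a clean machine with the drive attached read-only): a tree full of "readable" verdicts under new extensions points to a scare rather than a real crypto Trojan, whereas "encrypted?" across user documents confirms that the backup really is the way out.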

Fake antivirus messages

Fake virus scanner alerts are one of the surest signs that a system has been compromised. Many users are not aware that by the time such a message appears, the damage has already been done. Clicking "No" or "Cancel" to stop the fake virus scan is of course not enough - the malware has already exploited existing security gaps and penetrated the system. Popular entry points are, for example, the Java Runtime Environment or Adobe products.

The question remains: why does the malware trigger this "virus warning" in the first place? Quite simply: the alleged scan, which always reveals a huge number of "viruses", serves as a lure to buy a product. If you click on the link shown, you are taken to a professional-looking website plastered with positive customer reviews and recommendations. There, credit card numbers and other billing data are requested - and far too many users still fall for this scam and voluntarily hand their identity to the criminals without noticing anything.

What to do: Turn off your computer as soon as the fake antivirus message appears. (Caution: you must of course know what a "real" message from your virus scanner looks like.) If something needs to be backed up and this can be done without problems, do it. But the faster the computer shuts down, the better. Then restart in "safe mode" (without a network connection) and uninstall the most recently installed software (which often works).

Either way, it is important to bring the system back to the state it was in before the compromise. If this succeeds, the system should start normally again and no more fake messages should appear. What remains is a thorough system check and a complete virus scan to remove the last remnants of the malware.

IT security begins with sensitization and training of employees as well as clear communication of the internal rules of conduct for information security:

  1. Admin rights
    No assignment of administrator rights to employees
  2. Documentation
    Complete and regular documentation of the IT
  3. Secure passwords
    Complex passwords made up of upper and lower case letters, numbers and special characters, at least eight characters
  4. Password theft
    Never pass on and/or write down confidential data
  5. Email security
    Sign emails, encrypt sensitive data, be careful when opening email attachments and links
  6. Social manipulation
    Handle confidential information consciously, pass it on only to authorized persons, and do not let yourself be manipulated or spied on
  7. Be careful when surfing the internet
    Not every link leads to the desired result
  8. Use only the latest software
    Software that is not updated leaves more security holes open
  9. Use of your own software
    Follow company guidelines and never install software of questionable origin
  10. Company guidelines
    Use only permitted data, software (apps) and applications
  11. Backups
    Regularly save operational data on a network drive and back up data on external data carriers
  12. Theft protection
    Protect mobile devices and data carriers from loss
  13. Device access
    Do not pass devices on to third parties, do not leave mobile devices unattended, and lock workstation PCs when leaving

The organizational structures in the background form the necessary framework for IT security. Here it is important to formulate clear rules and to adhere to them:

  14. Security guidelines
    Definition and communication of security guidelines
  15. Access rights
    Regulation of access rights to sensitive data
  16. Software updates
    Automatic and regular distribution of software updates
  17. Log files
    Control of the log files
  18. Data backup
    Outsourcing of data backup
  19. Security analysis
    Regular review of the security measures through internal and external security analyses
  20. Contingency plan
    Creation of a contingency plan for responding to system failures and attacks

A minimum standard must be guaranteed at the technical level. For the most part, this can be implemented without great expense:

  21. WLAN usage
    Documentation of WLAN use, also by guests
  22. Firewalls
    Protection of the internet connection through firewalls
  23. Biometric factors
    Use of access protection / passwords / biometrics
  24. Access control
    Physical security / access control and documentation
  25. Protection against malware
    Protection against malware both on the end device and on the Internet gateway, ideally through two different anti-virus programs
  26. Web access
    Definition of a structured regulation of web access
  27. Encryption
    Encryption to protect files and messages with sensitive content
  28. Deletion
    Secure deletion of data when decommissioning
  29. Update of the security systems
    Ensuring regular updates of the security systems
  30. Monitoring
    Permanent monitoring of the network traffic for abnormalities

Unwanted browser toolbars

Probably the second most common sign of infiltration: the browser suddenly sports various new toolbars, all of which promise to help. Unless it is a product from a known vendor (and even then), these extensions should be removed.

What to do: Most browsers can display all installed toolbars. Remove any that you do not absolutely want to keep. If the suspicious toolbar is not listed or cannot be easily deleted, reset the browser to its default settings. If that does not work either, proceed as described under "Fake antivirus messages" above.

Most malicious toolbars can be prevented simply by keeping all installed applications up to date, and by paying a little attention during the setup of free software to what is about to be installed and deactivating the bundled toolbars.

Redirected web searches

Cyber criminals earn money when Internet users "end up" somewhere other than where they actually wanted to go. The clicks on a certain website are converted directly into cash for them - often without the site operator even knowing that the traffic results from redirected visitors.

This type of malware can be spotted quickly in an infected browser using a search engine: simply type in some very generic words such as "goldfish" or "puppy" and check whether the same websites appear several times in the result lists - these usually have hardly any plausible connection to the search term. Unfortunately, many of today's web search redirects are so camouflaged and well hidden with the help of various proxy servers that the falsified results are seldom directly visible to affected users. Often it is also toolbars that trigger the redirects. The traffic in and out of a compromised computer differs significantly from that of a clean computer.
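The "goldfish"/"puppy" test described above can be done systematically: run a few unrelated generic queries, note the result URLs and titles, and look for domains that keep turning up although neither the URL nor the title has anything to do with the query. The script below is an added example, not code from the original article; the result lists and the `.example` domains in it are constructed placeholders standing in for what a browser on the affected machine would show, and the rule "same unrelated domain in at least two queries" is an assumed threshold.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: the top results an (assumed) infected browser showed for
# three unrelated, very generic queries. All domains are placeholders.
SAMPLE_RESULTS = {
    "goldfish": [
        ("https://aquarium-guide.example/goldfish-care", "Goldfish care basics"),
        ("https://cheap-deals.example/offer?id=17", "Best deals today!"),
        ("https://pets-wiki.example/goldfish", "Goldfish - Pets Wiki"),
        ("https://win-prizes.example/claim", "You have been selected"),
    ],
    "puppy": [
        ("https://cheap-deals.example/offer?id=42", "Best deals today!"),
        ("https://dog-training.example/puppy-first-week", "Your puppy's first week"),
        ("https://win-prizes.example/claim", "You have been selected"),
    ],
    "teapot": [
        ("https://tea-lovers.example/choosing-a-teapot", "Choosing a teapot"),
        ("https://cheap-deals.example/offer?id=9", "Best deals today!"),
    ],
}


def domain_of(url: str) -> str:
    """Host name part of a URL, or '' if it cannot be parsed."""
    return urlparse(url).hostname or ""


def suspicious_domains(results: dict, min_queries: int = 2) -> dict:
    """Return {domain: [queries]} for domains that appear in the results of at least
    min_queries different queries while neither the URL nor the title mentions the
    query term. A result that does mention the term is treated as plausibly relevant."""
    hits = defaultdict(set)
    for query, rows in results.items():
        term = query.lower()
        for url, title in rows:
            if term in url.lower() or term in title.lower():
                continue  # plausibly a genuine result for this query
            hits[domain_of(url)].add(query)
    return {d: sorted(qs) for d, qs in hits.items() if len(qs) >= min_queries}


def report(results: dict) -> list:
    """Human-readable lines, one per suspicious domain, sorted by how many queries it hijacked."""
    found = suspicious_domains(results)
    ranked = sorted(found.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{domain}: unrelated to {', '.join(queries)}" for domain, queries in ranked]


if __name__ == "__main__":
    for line in report(SAMPLE_RESULTS):
        print(line)
```

On a clean machine the same three queries should produce an empty report; a domain that is "unrelated to" every generic term you try is the redirect destination, and the toolbar or extension that injects it is what needs to go.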

What to do: As mentioned above, remove toolbars and other malware - that should be enough.

Frequent pop-up windows

Pop-up windows are annoying. But they are also evidence that the computer has been hacked. If websites that are not usually known for such behaviour deliver random browser pop-ups, the system has been infiltrated. It is always interesting to see which pages manage to bypass the browser's pop-up blocker. It's like fighting spam - only worse.

What to do: Typically, such pop-up windows are generated by one of the three cases already described. Removing toolbars and other malware helps here too.