Here’s how to recover from a hack and secure your network and PC to prevent future incidents.
Isolate and Quarantine
To recover from a hack, isolate your computer so the hacker can’t continue to control it or use it to attack other computers. Do this by physically disconnecting your computer from the internet. If you believe your router may have also been compromised, then you should disconnect your router from your internet modem as well. For notebook PCs, don’t rely on disconnecting via software because the connection could show that it’s turned off when it is still connected. Many notebook PCs have a physical switch that disables the Wi-Fi connection and isolates the computer from the internet. After you sever the hacker’s connection to your computer or network, it’s time to clean out the system, ridding it of compromising software.
Reset Your Router to Factory Defaults
If you think someone may have compromised your internet router, perform a factory default reset. If you aren’t sure, do it anyway. The reset removes any compromised passwords and firewall rules added by the hacker that opened doorways to your systems. Before you perform the factory reset process, locate the factory default admin account name and password from your router manufacturer’s user manual or support website. You need this to get back into your reset router and reconfigure it. Change the admin password to a strong password immediately after the reset and make sure you can remember what it is.
Obtain a Different IP Address
While not a necessity, it is a good idea to obtain a new IP address. Note the current IP address assigned to you from your internet service provider (ISP). You may be able to obtain a different IP address by performing a DHCP release and renew from your router’s WAN connection page. A few ISPs give you the same IP you had previously, but most assign you a new one. If you are assigned the same IP address, contact your ISP to request a different IP address. An IP address is your address on the internet, and it’s where the hacker can find you. If a hacker’s malware was connecting to your computer by its IP address, a new IP is the equivalent of moving to a new address and not leaving a forwarding address. This doesn’t protect you from future hacking attempts, but it frustrates attempts by the hacker to re-establish a connection to your computer.
Disinfect Your Computers
Next, rid your computer of the malware that the hacker installed or tricked you into installing. This process is discussed in great depth in I’ve been Hacked! Now What? Follow the instructions in the article to help you protect your important files and cleanse the infected computer. If you have multiple computers on your home network, you need to disinfect them all, as malware may have propagated throughout your network, infecting other systems that are connected to it.
Bolster Your Defenses
Protect your network and computers from future threats by following steps to enable a firewall that makes it harder for your system to be compromised again. You should also activate antivirus software to protect your system from virus, worms, and other threats.
Update Operating System and Software
Your anti-malware software is only as good as its last update. Make sure your protection software is set to update automatically. By doing this, your protection software always has the latest defenses against new hacks and malware without you having to remember to run a manual update routinely. Periodically check the date of your anti-malware definitions file to make sure that it is up to date. In addition to anti-malware and anti-virus software, check to see if your operating system needs to be updated. Just as with anti-malware software, your operating system receives updates that thwart security weaknesses. The same goes for applications you use — automatically updating these helps keep your software secure with little effort from you.
Test Your Defenses
You should test your firewall and consider scanning your computer with a security vulnerability scanner, and possibly running a second-opinion malware scanner to ensure your defenses are as secure as possible and that there aren’t holes in your virtual walls. Also take the time to change passwords for the accounts you were logged in to during the attack. For example, if your email, bank, and shopping accounts were all active during the hack, the passwords could have been swiped. Changing them immediately and enabling 2FA where possible is ideal. Using a password manager to store these new, secure passwords is the best way to never lose them but to allow for super-secure passwords.