So now our computer's clean. We've isolated it. We decided, What are that? Our computer was infected with malware. We scanned it. We verified removal. We scanned all of our backups and external devices. So what do we do now? What do we do now that our computer is clean?
Well, we need to take some steps to make sure, if at all possible, it doesn't happen again.
So our first step is we're now going to schedule scans and updates. We're now going to take our anti virus program if we had one installed and maybe we're a little bit less trustworthy of it. Now we may want to look into a different anti virus program if our one that we had installed was up to date and still allow this program, too.
Get on our computer still allow this malware into infect our computer.
But we want to make sure we have an anti virus installed, and we want to make sure that it's performing regular scans of our computer regular scheduled scans. We also want to make sure that our anti virus automatically updates whenever it needs to. It updates is definitions and signatures
as well as regular operating system updates. We want our operating system to have scheduled updates so that it pulls security patches
and pulls application patches. We don't leave our applications out in the dark. He either. Our applications are Java are adobe even are different programs that we install. They push updates for reason programs can have
flaws in them, can have security features that can be exploited and can allow malware to be introduced into our system.
So we want to make sure that those applications are regularly patched, are regularly updated so that they don't have a list of back ordered patches in list of back ordered security back doors, which are now open because we aren't patching our applications.
So we've scheduled these scans and next we're going to re enable our system restore that we disabled earlier. We want to re enable system or store, and we want to create a new restore point now that at our clean computer state, potentially to be used later
and then lastly, we want to educate, educate, educate. We need to let users know how this happened. We can't just take a computer that's infected with malware. Take a computer that has a virus or key logger on it, clean it up and say, Here you go. It's good to go.
We need to let people know why this is happening. If we don't, it's gonna happen again and again and again.
People only learn. People only know what is causing malware if we tell them some people who just may not know. Some people may not know how malware can infect their system and know what some of the risky some of the risky doors they leave open are. So we need to educate users
if this is by using annual training. If this is by just sitting down and talking with a person who's had several malware infections,
whatever we need to do, we need to have a way that we can pass information onto and educate our users. We want to educate our users on things such as websites. They shouldn't be visiting and downloads they should avoid. Some people may try to torrent different material that may be illegal. Ah, lot of the times we may have some of these illegal torrents that
are from illegitimate sources and are
packed with malware, so we want to make sure that we're educating users, that that is a possibility just because someone says that they're sharing with you The latest movie that came out and you're pulling that movie or you're downloading this file or you're downloading this nice cool fish tank background doesn't mean that's the only thing that this program is doing.
Even if the program does everything that it says it's going to do,
it may give you a little bit of bonus in there having some extra malware. Malware can be packed with other programs. Malware can be packed with. Execute a bles so that you run a file and that does what it's supposed to. But it also installs malware, or it opens up a back door for malware to come in.
These Trojans are everywhere, and these Trojans are why widely available for download for free on your Internet. So you want to check and make sure that you're very careful for what you download, and you wanna let users know to be careful about what websites they visit, because sometimes websites will also just try to drop malware.
Users need to being careful when they're installing applications, because sometimes there may be a legitimate application. They're installing that depending on where it was hosted, the hosting service may package it with other potential applications. That may be malicious
now. These applications may not be as bad as root kits or may not be a key logger, but it may be adware. Or maybe some spyware that's gonna pop up. It's going to annoy the user. Maybe we don't need an additional Yahoo to toolbar. We don't need our home page or we don't need our
our Internet settings to be changed
to redirect our search all of our searches through a search engine we've never heard of before. That's unnecessary traffic that's being peaked at this unnecessary trafficking traffic. This listening that's listening in on. Now. Some people do like their Yahoo to our
nothing against that,
but there's a lot of toolbars out there. There's a lot of add ons out there that are packed with applications that when you just hit next, next, next, next next on your game that you're downloading or they are in your program that you're downloading the next time you open your Internet. Google isn't your home page anymore.
It's now some search engine you've never heard of before. Some purchasing website you've never heard of before. And now you have some weird computer backup program that seems to be a little bit off. And you have
50 brow and you have 50 browser toolbar so that your browser space that you can see the screen is only anybody. Tiny baby.
So you need to be careful. When you're installing these applications, you need to read carefully what they're trying to add on an install.
Next, we have data backups. We need to let users know that backing up their data isn't just for if there's a hardware failure or software failure. There's malware out there that will actually encrypt data that will actually encrypt documents and PDS and pictures and videos. And they come up with the message and say, Hey,
you're not getting me. You're not getting any of this back unless you send us $500
Now you may send them $500 they absolutely do nothing.
You may wait and see. Oh, well, Okay, well, I'll just I'll just wait it out and see when this this time limit, they have expired and see what happens. And then When that happens, all of your files were deleted in your drive. Performs a D. O d level format, and now you have nothing on your computer, and it's absolutely unrecoverable
these encryption keys or serious business. Some of these encryption keys
are at levels where even if you took your drive out of your computer right then and took it to a place that does $1000 Dr Recoveries, they would look at the encryption on your different programs and files and say,
it's not mathematically possible. We don't have the supercomputers possible in order to crack this encryption for you right now.
we need to make sure that we have our data backed up so that if we do get run into a situation where malware has encrypted all of our files and instead of going Oh, no, I have no idea what I'm gonna do now. Years of data, years of pictures, years of videos are just gone. We say,
it's a hassle. It's a pain. I'm gonna have to clean my computer. I'm gonna have to reformat. I'm gonna have to, uh, pull the this data back over. But I have good backups from when this data was still unencrypted when so when it was still uninfected. So data backups are very, very important.
We also have phishing emails we need to educate our users against e mails from Nigerian princes. And e mails from Canadian lotteries aren't always legitimate. It's nice when they are, but that happens very rarely.
So we need to make sure that we educate our users not to provide information. We don't want people providing information to I T departments over email or sending credentials. We need to have a set standard for an a very well known I T department number that they call and
that they answer recovery questions for and that there is no conversation over that line
over the user telling a nightie individual their password or user sending an I t individual their password. We don't want that to become standard in our enterprise, because then all it takes is one phishing email saying Hey, hey, Jill, Hey, Jack, can you send me your user name and password?
Because I need to do such and such, or I need to verify
what floor you're on or what the password is to the server room. We don't want that information to be sent over e mails. That's very critical information. We don't want users clicking on or sending their personal information or clicking on links to download files or download even what looks like an expert
cell spreadsheet that may have a macro embedded in it
embedded in the Excel spreadsheet that runs and causes a security hole in our system. So we need to be very careful of those e mails very careful of clicking on anything clicking on any documents that we did not explicitly request or did. We did not talk to someone in person about getting sent to us. An email.
We have passwords. We've talked about passwords. We need to have a very strong passwords for our systems, not just capital. P. A s s 1234 That's not a good password. Believe it or not,
we need to have passwords that are long that are eight plus characters that are avoiding dictionary words that have upper and lower case letters that have numbers that have special characters that aren't reused. We don't allow users to reuse their passwords. We make users change their passwords every so often
we make sure that you don't have repeating characters in a password or sequential numbers. All of these are parts of making sure that we are users have strong passwords, security and educating our users as to why their passwords need to be strong so that their systems can't be compromised and our information can't be stolen.
And then, lastly, we need to educate users on regular updates.
People will put off pressing the restart now button on their computer. For months,
they will close the lid on their laptop and make it go into hibernate. They will turn off their computer monitor and lock their computer, and they will do that for as long as they possibly can. As long as they don't have to restart their computer, They were only restart their computer. When you go in and you make them or when they start noticing that their computer is slow because they haven't restarted their computer,
some people can be good about it.
But it's becoming a bad habit of people not to restart their computer, not to shut down their computer because they know it's gonna take a long time for it to come back up or it's going to take time for their applications to close, and they're gonna have to restart everything in the morning, and I just wanna leave it where it is. So they just lock their computer,
updating during regular updates and forcing regular updates if need be. Maybe what we have to do. We may have to force updates and force restarts so that users will have the latest security patches on their system. The latest application patches. And we also need to educate users toe. Let us know if they
are having updates that look like they're pending and aren't pushing out
or if they have apple, certain applications that haven't been updated if they're constantly getting, we want a user to submit a ticket to us. We want a user to come up to us and say, Hey,
I have an adobe program that seems like it hasn't updated in a couple days and it keeps prompting me. Is there anything you can do about this? We'd rather have that. Then
two months down the road, say, Well, how did this person get infected with malware? They had an anti virus. They had the best they had good firewall settings on their windows updates worked the par and we start looking through the applications and we see this adobe program that hasn't been updated since 2012.
Well, there's probably a problem right there. So we need to let people know we need to educate users not only on what to do, but why we do these things. We don't do these things just to inconvenience you. We don't do these things just to inconvenience your work flow flow and make it harder to get work done.
We do these things because we're trying to protect you were trying to protect your computer, protect your work
and your information and
other computers in your environment and our network. So
we've cleaned our computer. We've talked about identifying our malware symptoms. We've talked about quarantining our system disabling system, restore and remediating the infected system.
After we've cleaned up our system,
we're gonna prevent this from happening again by scheduling scans and updates. We're gonna re enable our system restore. And lastly and all. Most importantly, we're gonna educate users were gonna educate people how systems get infected and how to prevent it in the future.
so thank you for joining us today on cyber dot i t. We talked about a lot of information as far as how to troubleshoot infected systems and how to troubleshoot security issues on our computers. We talked about identifying malware, the tools we can use and best practices for removing it,
so hopefully you'll be able to take this information you'll be able to identify. If your systems are infected,
you'll be able to properly remove it, and you'll, most importantly, be able to educate people on how to prevent malware infections from happening.
So we hope to see you next time on cyber Dad, I t.