Hacker cyber attack: how to recognize a virus and what to do after infection

Hack attack – this is a kind of attack on the information security of a computer system. In practice, it is a computer program with a described algorithm that allows you to bypass existing protection mechanisms in order to gain unauthorized access to data, damage information or stop the information system as a whole.

The consequences of cyberattacks can be catastrophic. Recall that quite recently a large-scale Petya virus hit the world.

About what is a cyber attack and what should an ordinary user do if his computer is infected with a virus, the CEO of Microsoft Ukraine tells estet-portal.com Nadezhda Vasilyeva.

What is a cyber attack in simple terms?

N.V. Cyberattack – this is an attempt to circumvent the information system protection methods in order to gain unauthorized access to systems and data, to make changes to the operation of systems, to completely or partially stop them. One of the mechanisms for conducting a cyberattack – it is the infection of the system with a virus that exploits the existing "gaps" information security to achieve the mentioned goals.

How does the virus enter the system?

N.B.The most popular way for a virus to enter the –  method fishing (fishing). It works like this: you receive an email from an unknown or known address. Usually this message has a "game" phrase that draws you into the conversation and recommends or forces you to take some action, such as opening the attachment that comes with this letter, or downloading information from a web link.

N.B. By completing this action, the user downloads the virus on their own computer, succumbing to the temptation to get something for free or being sure that the information comes from a trusted sender. 

What tricks are commonly used for cyberattacks?

N.V.You are invited to participate in a lottery, earn money, view promotional prices, offers from your suppliers, read urgent messages from your relatives, receive an award in a competition in which you did not participate etc. There can be a lot of such pretexts.

When messages arrive that force you to do something immediately, you must use certain rules:

• before opening any files, you must make sure you know the sender, or these actions must be agreed with you in advance. You should be warned that you will receive an email with an attachment in the near future;
• if there was no prior notification, contact the sender before opening the file. Ask simple questions – “Who are you? What do you want to send me? Why such urgency?»;
• it is safe to read the email itself, the danger lies only in the attached file or behind the hyperlink you are offered to follow!

N.V. How to visually distinguish files with a virus from normal files:

If the attacker did his best – It is extremely difficult to distinguish an infected file from a regular one. Virus files usually have extensions that run a program on a computer, since they are programs themselves. These files most often have the extension exe, ps, or bad.

See also: Microsoft CEO about cooperation with estet-portal.com

What happens if you open a virus file?

N.B . If the user opens such a file, visually nothing happens. He will see that there is useless information in the file, close it and forget that this happened. Nothing happens to the computer, and the user does not realize that he has let a virus into his computer.

N.V. And it is possible not only to the computer, but also to the network if the computer is connected to the network. And the virus spread very quickly through it. If the network does not have special solutions installed that counteract the spread of an attack over the network, then the entire local network will be affected.

The conditions under which it is activated and starts working are built into the virus itself.

Most often, viruses are programmed either for a specific date or for a specific action, for example, when a person connects to the Internet.

When the condition embedded in the virus occurs, it will activate.

 

Why is the time period between the virus infection and the attack itself being programmed?

N.V. The goals can be different. Sometimes this is done in order to "replace" traces and complicate the process of investigating the attack algorithm. Sometimes in order to involve as many computers as possible in the attack process and cause significant damage.

If the goal of the attackers was to cause economic damage, then to defeat one computer – too little effect. Such attacks have business interests in the same way as other criminal attacks that occur in real life. Therefore, the goal is to achieve as much economic interest as possible.

Read: Promotion of medical services on the Internet: e-mail newsletter

There is an idea that cybercriminals create a virus in order to then sell antivirus programs. Is this true?

N.V. This is one of the versions, but it has not been proven and exists rather as a myth. There are several areas of cyber attacks and it all depends on the customer. This is the equivalent of a crime. The first goal – get an economic effect, the second – destroy the system, eliminate or liquidate, the third – receive political dividends to earn benefits.

This type of business is no different from, for example, the sale of drugs, it involves quite serious financial investments. Such criminal elements are being fought by cyber police, security services and large companies around the world.

How is cybersecurity ensured in our country?

N.V. In our country, there is a type of body that is responsible for this direction: the security service (tracks specific people who are involved in this), cyber police (engaged in cyber defense, monitors the activity of the general situation in real time and must provide security quickly), DITN (prescribes standards and defines the necessary and sufficient number of elements that must be in the network to ensure security for key infrastructure systems).

You may be interested in: Promoting a medical business on the Internet: how to bring a patient to the doctor's office

What should an ordinary user do if a cyber attack occurs? What steps need to be taken?

1. When a cyberattack occurs, the user must disconnect the computer from the Internet.
2. Look at the computer screen if any signs or demands are displayed (for example, to pay money to unlock the computer) – this means that your computer has already been compromised, and in most cases it is recommended to reinstall the system from scratch, which involves installing the operating system and restoring data from a backup copy (back-up). What does this mean?

If you use your computer properly, you will be aware of the recommendation to make regular backups and store them on separate media. First, the backup data should be scanned for viruses, then used to restore the data to your computer.

You will be able to open your data folders and save the information on another computer.

Many people talk about re-infection with the virus. Is it possible?

N.V. There is no re-infection. This happens the moment users connect to the network. It is possible that at the time of the attack itself, the computer was not in use and was turned off. At the moment when it is turned on, the virus will begin to attack, because. the attack is programmed for certain conditions. This is not a repeated attack, but the same one, only delayed in time. The second option is possible if you have recovered data from a backup that is already affected by a virus.

Recommendations:

1. Use legitimate software, very often viruses "live" in pirated copies of programs that users download from the global network.

 

1. Regularly update your operating system and antivirus.

 

1. It is mandatory to use a password on all accounts that are used on your computer.

N.V. If it happened that your computer was infected, you need to use another device to go to the website of the cyber police or the security service, where you will be notified in real time what is happening and what actions need to be taken . You will receive professional advice on what to do and what not to do. You can contact the Microsoft Support Center, which is open 24/7.

Each virus targets a specific operating system and is made for specific products. Two years ago there was a powerful attack on Android. Why? Because Android has 98% of the phone market. It is the most widely used phone operating system. This time the attack was on Windows. in business personal computers, the largest number of operating systems – 75-80%.

Criminal organizations make attacks on those systems that are used by the majority and, accordingly, a large number of users can be affected by the virus.