End User Awareness 9 – Signs of activity and what to do

Signs of Suspicious Activity and Actions

Persistent pop-ups
While the occasional pop-up may be normal, when you begin experiencing an increase in pop-ups, ads, or flashing banners on pages where you have never seen them before, this is a cause for suspicion.

If you begin receiving pop-up advertisements while you are not even on the internet, this is a very serious sign of infection. It is always better to be safe than sorry. If your computer is acting abnormally, contact IT support immediately or take action yourself.

Browser Settings
Browser settings control what we see when our computer accesses the internet and how our computer connects to the internet. Sometimes when we install a new program, we may find a new option or search bar in our internet browser that we did not have before. We may find that our homepage has been changed, or that we are getting many “Certificate Error” messages. Take note of changes in how your browser looks and behaves, especially after installing new software.

New files
The files on our computer are typically placed there by us, the IT staff, or a computer or software change. When we notice that we have new files, oddly named folders, or are consistently missing files that we know we have saved, there may be some cause for concern.

This does not include the occasional misplaced file. Viruses that modify our files and folders may be attempting to delete, export, or encrypt large amounts of our data.

Steps for handling an infection

Isolate your computer
Remove the computer from the network and disconnect from the internet immediately. Do not leave the computer connected, either to the internet or to the local network. Do not plug in any new devices, and disconnect any USB devices that you have plugged in. Open the Task Manager with Ctrl + Shift + Esc and shut down all abnormal programs, including other unnecessary ones that are running in the background. If you can, run a scan with Rkill to terminate processes. Run as many scans as you can across different categories, such as adware, viruses, and ransomware.

Maintain any evidence
Do not delete any files, even malicious ones. The security team can use them to determine what went wrong and use the evidence to protect against the next attack attempt. Do not delete any emails; only move them to your junk folder and block the sender.

If you can, get to know your computer’s folders and files so you can recognize when something is different and when it is time to take action. It is important to keep a good system healthy and structured.

Contact the security team
Contact the security team to turn over the device. Any obvious malicious activity should be reported prior to fixing, and remember to always follow the instructions of the security team. If you are your own security team, be your own boss: make choices based on other people’s expertise, and ask for help.