HP Tech@Work
Today's trends for tomorrow's business

Oh $#!+: Your Website Got Hacked—Now What!?

What do you need to do to get your site back online? Three steps to recovery.

After the initial panic subsides, your mind starts racing and you find yourself asking the question, “What do I (or my IT folks) need to do to get our site back online?” Read on for more…

What are the first few things you do when the alarm goes off on Monday morning? If you're anything like me, your morning ritual includes a bold coffee blend and a quick perusal of social media before settling down at your desk for the day.
Now, imagine that same scenario with a very different ending. This time, as you kick your feet up behind your desk, you notice dozens of errors cascading across the browser as your website struggles to come to life. Your site's been hacked. That nightmare inspired this website security checklist. Consider it your “next steps” guide, should such a catastrophe rudely interrupt your morning routine.

Step one: Name that hack

Step one is all about deciphering what type of attack brought your site to its knees. A bit of a no-brainer, but important to the list nevertheless. We'll cover three of the most common attacks here.
  • Ransomware: This one's the easiest to recognize, because that email sitting in your inbox demanding large sums of money is a dead giveaway. Gaining popularity, ransomware attacks can hide your website's data behind advanced encryption methods until you pony up the dough.
  • Phishing: These attacks operate on the premise “there's a sucker born every minute.” When that tempting email or phone call finds the right person, hackers can siphon all the authorization info they need. Once you've been fleeced, hackers can hijack your site and even use it in future campaigns. Phishing can be spotted by connecting the dots between a gullible user and your newly remodeled site.
  • Denial of Service: If your site can't be found when the address is typed in a browser, there's a good chance DoS or DDoS is to blame. When countless automated calls for your page or another service on the same server flood its connections, your website will choke.
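
An added example, not part of the original article: a short Python triage over a web server access log that checks for the Denial of Service symptom described above and reports whether the flood comes mostly from one source or is spread across many. The common/combined log format, the baseline rate, and both thresholds are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Client IP and timestamp truncated to the minute (common/combined log format, assumed).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} ')

def triage(lines, baseline_per_min, factor=10, top_share=0.5):
    """Flag minutes whose request count exceeds factor x baseline and report
    whether one client dominates or the load is spread over many clients.
    baseline_per_min, factor and top_share are illustrative assumptions."""
    per_minute = defaultdict(Counter)        # minute -> Counter of client IPs
    for line in lines:
        m = LOG_RE.match(line)
        if m:                                # lines that do not parse are skipped
            per_minute[m.group(2)][m.group(1)] += 1

    findings = []
    for minute, ips in per_minute.items():   # log order is chronological
        total = sum(ips.values())
        if total <= baseline_per_min * factor:
            continue                         # within normal range
        top_ip, top_hits = ips.most_common(1)[0]
        if top_hits / total >= top_share:
            findings.append((minute, total, "single-source", top_ip))
        else:
            findings.append((minute, total, "distributed", None))
    return findings

def _line(ip, minute, sec):
    # Builds one constructed log line; addresses are documentation ranges.
    return f'{ip} - - [10/Oct/2020:{minute}:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'

# Constructed sample: a quiet minute, a one-client flood, a many-client flood.
SAMPLE = (
    [_line(f"192.0.2.{i}", "09:00", i) for i in range(5)]
    + [_line("198.51.100.7", "09:01", i) for i in range(60)]
    + [_line(f"192.0.2.{i}", "09:01", i) for i in range(3)]
    + [_line(f"203.0.113.{i}", "09:02", i) for i in range(60)]
)

if __name__ == "__main__":
    for finding in triage(SAMPLE, baseline_per_min=5):
        print(finding)
```

A "single-source" finding names an address that can be filtered at the server or firewall; a "distributed" finding has no single address to block, which is the case where filtering further out on the network matters.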

Step two: Quarantine without prejudice

You know your site's been hacked, and you've got a good idea how it happened. The next step is to apply some IT-related first aid to stop the bleeding.
The quickest way is to shut down the compromised server. While you may have a hunch as to what took your site down, you probably won't know the extent of intent for some time. As such, it's better to be safe than sorry, and make sure the attack doesn't spread like Kerrigan's Zerg empire.
While this may seem like a logical first step, it's surprisingly difficult to quarantine effectively if you don't first know what's attacking. Pulling up your disaster recovery site is pretty useless if a phishing attack stole your credentials. Likewise, throwing another site up immediately following a DDoS attack is only adding more fuel to the fire.
It's better to be overzealous when quarantining rather than keeping sites live and spreading the disease.

Step three: Exterminate and restore

You've revealed the attack and had Scotty take the affected systems offline—now what? It's time to destroy the threat. This step will look slightly different depending on the attack discovered in step one.
Should you happen upon a phishing attack, quarantined systems will need to be scanned and scrubbed for any malware. You can use the Symantec virus database for that. It'd also be a good idea to change passwords. Consider multi-factor authentication, and have a little heart-to-heart with the more gullible users in your environment.
DDoS attacks will need to be waited out or otherwise filtered and diverted. If your servers are being overwhelmed, you'd be wise to invest in some traffic flood prevention further out on the network perimeter to quell future attacks.
Ransomware will either require a hefty Swiss bank account or a considerable amount of elbow grease and luck to be rid of. Thanks to the efforts of some white-hat folks, however, full recovery is possible—as pointed out by Bleeping Computer.
Finally, we have one last suggestion. Take some time, when the fire is fully extinguished, to learn from the event. What could have been prevented? How could a resolution be more quickly achieved? What can be done to avoid a similar attack in the future?
If your post-hack review uncovers other technology or IT-related issues, you may also want to consider a service such as HP's SmartFriend, your anytime technology guru. With SmartFriend, help is always near. Our experts can teach you how to use your device, fix unexpected problems, and make your technology work for you. SmartFriend technicians can solve your problems remotely, and are available 24/7 to accommodate your schedule, and can help with any device from any brand – not just HP products. Or, you might consider upgrading to devices with built-in security features such as the HP LaserJet Enterprise M506dn, which includes security features to detect, stop, and self-heal from attacks—automatically.
While checking off these three items should get you back up and running, learning from any mistakes made will help you adapt in this unforgiving digital world.
Repurposed with permission from an article by Joe Hewitson, originally published on Tektonika.

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.
