Clean-Up ServiceIf you have been hacked, clean-up is a major step in restoring security and moving past the incident. If you are targeted, even one dirty device can get you followed when you travel or move.
A successful clean-up involves identifying the weakness that the hackers exploited during the intrusion, fixing those weakness, restoring clean operating systems to any affected machines, and restoring access to clean filesystems.
The first step to clean-up is to establish a safe, secure sub-network and a collection of safe workstations. Your IT teams will need to use this secured sub-network to perform an audit of the affected systems and to perform the IT work involved in completing the clean-up.
Clean-up invariably involves an audit of the method(s) of attack. During this clean-up audit, the method of intrusion and the extent of damage need to be assessed. A conservative approach to clean-up often means that most of the systems on your network will be examined. Necessary updates to your infrastructure will be noted. Lists of affected computers and clean computers will be compiled.
After the clean-up audit, computers and networks are restored. The affected computers will typically require clean OS installation. Any affected storage media may also require cleaning, so that the files are restored to a form that is safe for access. The bulk of the effort for clean-up is of this type. If the clean-up audit was well done, then this restoration step will only need to be done once. On the other hand, if the audit was done to quickly, then the intrusions will repeat and your organization will have to continue restoring newly hacked machines.
The clean-up is complete when your network and workstations have been restored to normal function and safe operation. Only after clean-up should you consider whether extensive computer forensics will be necessary. In that case, please contact the FBI or law enforcement.
Contact Intrepid Net Computing for a customized clean-up plan.
More ExplanationsWhy Clean-Up Hacking?