You’ve Got Malware: What to Do If Your Network Is Compromised


The inevitable has happened. Despite all the resources and time allotted to creating a strong cyber-security platform, malware has infected your network. It brings with it all the dangers of system-destroying bugs, and time is of the essence.

If your network is compromised, don’t panic; take action. Cyber-attacks are always changing, but there are always ways to combat them. Doing so requires taking a few steps, which we’ll go over briefly.

1. Quarantine

First off, stop the malware from infecting other systems by quarantining it. This typically requires disconnecting the local network and blocking off all other external connections while you work to contain the issue. Inform staff of what’s going on and isolate the problem.

2. Block Ports

Network infection can continue if the malware jumps through connected ports. Knowing which ports to close requires an understanding of what type of infection is present, and is something your local IT experts will need to go over. In some cases, this is done with installed anti-virus software if the option is available.

3. Run Scans

Assuming the network is completely quarantined, it’s a good idea to scan for the malicious infection. Each system, online or off, should have the latest updates to detect all forms of malware. A thorough scan should readily reveal what infection has taken root.

However, malware often gets into systems as a result of outdated programs, so you may need to analyze network traffic or other areas for malicious activity. This information is passed along to IT or your anti-virus provider to determine the root of the issue.

4. Remove Malware

Installed anti-virus measures, or measures employed by security staff, should now be used to remove the malware from infected systems. Depending on the severity of the issue, the amount of time this takes will vary.

5. Restart and Restore Systems

From here, you’ll want to restart the machines after the infections are removed. This typically resets them to their safe state. It’s also advisable to run another thorough scan in case the malware is still present.

6. Configure Firewall

The ports previously blocked in response to the infection should be added to your company firewall. These areas of intrusion should be examined by IT to determine how the infection occurred, but for the time being, you don’t want a repeat of the infection.

7. Reconnect Network

After the root cause has been determined and corrected, reconnecting the local network to the internet should be safe. However, it is important to monitor activity during this period to prevent future intrusions. Vigilance is key to catching any further unusual activity.
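
One way to do the monitoring in step 7 is to check firewall logs against the ports closed in steps 2 and 6. The following is an added example, not part of the original article; the log format, port list, addresses and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: ports closed during containment (step 2); constructed values.
CONTAINMENT_PORTS = {("tcp", 445), ("tcp", 3389)}

# Constructed sample log in a hypothetical key=value firewall format.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z action=DROP proto=tcp src=10.0.0.21 dst=10.0.0.30 dport=445
2024-05-01T09:00:05Z action=ALLOW proto=tcp src=10.0.0.21 dst=203.0.113.10 dport=443
2024-05-01T09:01:12Z action=ALLOW proto=tcp src=10.0.0.44 dst=10.0.0.30 dport=445
2024-05-01T09:01:13Z action=DROP proto=tcp src=10.0.0.21 dst=10.0.0.31 dport=445
2024-05-01T09:02:40Z action=ALLOW proto=udp src=10.0.0.44 dst=10.0.0.1 dport=53
malformed line without fields
2024-05-01T09:03:00Z action=DROP proto=tcp src=10.0.0.21 dst=10.0.0.32 dport=3389
"""

FIELD = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"action", "proto", "src", "dst", "dport"}

def parse(line):
    """Return the line's fields as a dict, or None if it is unusable."""
    rec = dict(FIELD.findall(line))
    if not REQUIRED <= rec.keys() or not rec["dport"].isdigit():
        return None
    rec["dport"] = int(rec["dport"])
    return rec

def review(log_text, blocked=CONTAINMENT_PORTS, threshold=3):
    """Find firewall gaps and hosts that keep probing blocked ports."""
    gaps, attempts, skipped = [], defaultdict(set), 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1  # count unparsed lines so gaps in coverage are visible
            continue
        if (rec["proto"], rec["dport"]) not in blocked:
            continue
        if rec["action"] == "ALLOW":
            # Traffic passed on a port that should be closed: rule is missing here.
            gaps.append((rec["src"], rec["dst"], rec["dport"]))
        else:
            attempts[rec["src"]].add((rec["dst"], rec["dport"]))
    # A host hitting several distinct blocked targets may still be infected.
    suspects = sorted(s for s, t in attempts.items() if len(t) >= threshold)
    return {"gaps": gaps, "suspects": suspects, "skipped": skipped}
```

A non-empty `gaps` list means step 6 is incomplete on that path, and any host in `suspects` is a candidate for re-quarantine and another scan.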

It may also be worth changing passwords and updating security standards, depending on how the breach occurred. But, after following the steps above, you have a basic strategy for dealing with malware infections.

Though malware infections are alarming, they can be removed through diligence and quarantine. Most security systems provide sufficient measures to remove them, and your anti-virus provider is always available for support. MSP providers like Stratosphere Networks keep an eye on possible threats 24/7. Give us a call at (877)599-3999 or fill out our contact form to learn about security solutions to prevent future attacks.