Serious Discussion How to respond after an infostealer attack

oldschool

We see lots of threads and posts about infostealers but rarely, if ever, discuss how to respond after this type of attack. The PC Security Channel actually posted a helpful little video for those who may not have a plan of action. Please share any thoughts or experience.
 
I haven't given up against scams and ransomware, but against targeted attacks, well, I've learnt to accept I cannot keep targeted attackers out long term no matter what.

Responding to an attack is simple: backup & restore (Hasleo or Macrium) or keep a Windows USB handy, and use a password manager & change passwords once breached.

I honestly don't think there is much more you can do, I just move on and accept that there is not much I can do against persistent attacks.

In the end it's a bit of an "I don't care" attitude; I'm not keeping or working with missile technology or nuclear bombs, and I'm so very very very boring, so it's a bit meh really.
 
We see lots of threads and posts about infostealers but rarely, if ever, discuss how to respond after this type of attack.
The order is also important, people will panic, rush to change the password first, but a hacker will be notified, so he can deny the change and log out the user.
I haven't given up against scams and ransomware, but against targeted attacks, well, I've learnt to accept I cannot keep targeted attackers out long term no matter what.
Indeed, I keep believing that I cannot get infected by automatic malware, because it works in a predictable way (ABC); if you break the chain, you will break it.
But as for a targeted attack, hackers can hack FBI and NSA with the live network monitoring protection and alerted admins, so what can I do with my little PC. 🤷‍♂️
In the end it's a bit of an "I don't care" attitude; I'm not keeping or working with missile technology or nuclear bombs, and I'm so very very very boring, so it's a bit meh really.
I have been thinking, if I would lose all data and access to all my accounts, I would be definitely annoyed, then again, I do not really need any of that, I could finally read my books. Losing Steam with 500 games would suck, but in reality, I hardly play any, so whatever. Essential accounts like banks can be restored, as for the rest, tough luck. 😑
 
I have been thinking, if I would lose all data and access to all my accounts, I would be definitely annoyed, then again, I do not really need any of that, I could finally read my books. Losing Steam with 500 games would suck, but in reality, I hardly play any, so whatever. Essential accounts like banks can be restored, as for the rest, tough luck. 😑
Exactly. You put it accurately & nicely. I agree with you, at first it does annoy you but everything can be replaced or restored including bank accounts and credit cards.

Even losing hardware that can be replaced, your life does not end if you lose access you just adapt and move on. It's just not a big deal.

The human world survived for millions of years without the internet and will do so for another 10 billion years god willing. That's life, it just moves on.

How many times has a hard drive failed? Spilt coffee on your laptop? PSU cooked your motherboard? Lost your phone? All can be replaced!

Now if the internet was cut or ceased to exist it would take some time, but then I would go for a walk or play a round of golf. Life will move on!
 
@Zero Knowledge, stop being so pessimistic. Do you have an offline-prepared golden image? If the image was prepared offline with all your defenses, then you still have a chance.

The worst case is that they infected your supposed clean image. But that is due to bad op sec. I have done that before.

Perhaps your conclusion was drawn a long time ago. But with all you know now, would you stand a better chance?
 
At the beginning of the video: "Let's assume you ran something like an infostealer on your computer"

That all by itself is a powerful sentence.