Hackers took over her machine; it was unclear how long they were operating in stealth mode or how they got the software onto her laptop. This is a true story that happened to a family member.
Then they started taking over accounts – iTunes, Google, Facebook, etc.
As opposed to a ransomware attack, where they would have encrypted her hard drive and required a payment to get the data back, it appeared this incursion was more of a “take over her identity” play.
Some additional background details to the story:
- She was using Norton AntiVirus and kept it up to date – including the file scanner, email filters and browser protection. Yet the hackers were still able to take over her system undetected.
- She had photos in Google Photos that she was sharing with family members; those she no longer had access to because the hackers turned on 2FA on her Google account.
- She was using Gmail primarily as her “file cabinet” – keeping attachments there as opposed to exporting them to document folders.
- She had shared many documents via email with lawyers and financial institutions with personal info attached including images of her driver’s license. With that in mind, she was obviously worried about her credit cards and bank accounts.
- She also had local photos on her Samsung phone in the photo gallery – these were NOT synced to Google Photos. A total of about 6000 images taken over the span of 4-5 years.
She got some expert advice and took quick action, but at the end of the day was not able to get back all of her data. The steps taken were as follows:
- The laptop was taken offline – essentially by disabling the Internet and Wi-Fi connection.
- The photos and important documents were copied to a USB stick. The stick was scanned to identify any viruses or trojan software – none were found but that didn’t build too much confidence.
- A factory reset was performed on the laptop – wiping out all the data and reinstalling the OS.
- She created a new Google account, and synchronized her phone contacts and photos with that account.
- Then she did a factory reset on her phone; and found that Samsung also had a backup of her contacts so that was good.
- She turned on two-factor authentication for her new Google account to avoid any issues in the future.
- When her phone came back online, the contacts were downloaded to the phone, and she was back in business.
- With the fresh copy of Windows on her laptop, she reinstalled MS Office and a few other key apps.
- Out of precaution, she called her two banks and ordered new cards and reset her access PINs.
- She signed up for Equifax and TransUnion credit protection services – that might have been overkill but she was really shaken up by the whole experience and felt violated.
- Then she notified government departments, her employer, and friends and family that she had been hacked, and passed along the message that anyone who noticed any suspicious activity from her should report it and delete it.
Many things were learned from this experience, and hopefully you don’t have to go through this yourself. Some lessons and observations:
- Google’s recovery methods did not work for her since the hackers had changed all of the recovery methods and turned on 2FA. So those photos at Google are gone forever. People think that because the data is in the cloud it is safe – not always!
- She was able to salvage the photos on her phone – not her entire collection – but more than 40% of them were recovered to another Google account. She has moved a copy of those to a local (offline) drive for safe keeping now.
- At least this was not a ransomware attack where everything was encrypted – so that was a positive thing.
Some things you can do to mitigate the impact of such an event:
- It is definitely not a pleasant experience to be hacked, and one feels violated. So, turn on two-factor authentication (also known as 2FA or MFA) where possible.
- Use a secure password manager to ensure more complex passwords and different passwords for each online account.
- Be very careful about clicking on attachments or links to avoid the potential of this kind of thing happening to you.
- To protect your photos – make sure you have a local copy of your photos – not just on Dropbox or Google. Take an offline copy periodically – every 6 months or so – and put the drive on a shelf. These drives are cheap compared to the value of the memories they can protect!
We hope this never happens to you!