Frequently Asked Question

Malware Response and Recovery
Last Updated 7 months ago

If a malware attack is suspected on an Envisioneering workstation or server, perform the following actions immediately.

Performed by Users

  1. On desktop workstations, remove the power cord and network cable. On laptops, hold the power button until the computer shuts down.
  2. Notify IT immediately by phone. (Office 571-483-4108)

Include:

  1. Names of employees whose computers were compromised
  2. Serial numbers of the compromised computers
  3. Office location where computers were running

Performed by IT

  1. Disconnect VPN for all offices
  2. Run Tenable Agent virus scan on all workstations
  3. Begin the incident response plan and report
  4. Verify the integrity of file backups and roll back to a previous version if needed
  5. Provide replacement workstations for infected computers
  6. Boot the infected system with no network connections enabled to verify the infection
  7. Run virus scan
  8. Record which files might have been compromised
  9. Contact the local DCSA field office and agent
  10. Perform a DoD secure wipe on the workstation and reimage
  11. Place computer in storage for reintroduction

What is ransomware?

Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim in exchange for restoring access to the data. Users are shown instructions for how to pay a fee to get the decryption key.

What is a computer virus?

A computer virus is a type of malicious code or program that is written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program, or to a document that supports macros, in order to execute its code.
