Frequently Asked Question
If a malware attack is suspected on an Envisioneering workstation or server, perform the following actions immediately.
Performed by Users
- Remove power cord and network cable on desktop workstations or hold the power button on laptops until the computer is shut down.
- Notify IT immediately by phone. (Office 571-483-4108)
Include:
- Name of employees whose computers were compromised
- Serial number of computers compromised
- Office location where computers were running
Performed by IT
- Disconnect VPN for all offices
- Run Tenable Agent Virus scan on all workstations
- Begin Incident response plan and report
- Verify integrity of file backups and roll back version if needed
- Provide replacement workstations for infected computers
- Boot infected system with no network connections enabled to verify infection
- Run virus scan
- Record which files might have been compromised
- Contact the local DCSA field office and agent
- Perform DOD secure wipe on workstation and reimage
- Place computer in storage for reintroduction
What is ransomware?
Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key.
What is a computer virus?
A computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros to execute its code.