So Your Website has been Hacked and Redirected
In this article, we'll address what to do if your website has been hacked and is redirecting. A Compromised Website can damage your company’s credibility and reputation.
Depending on the nature of your website a hacked website can also open up significant liability depending on what the hackers are using your compromised website for.
We’ve seen compromised websites used for installing malware/ransomware onto customers' networks, stealing passwords and sensitive information, stealing credit card info, or even using it to target specific visitors.
Here’s What to do if your Website has been Hacked.
Take Your Website Offline:
If your website is actively redirecting users to malicious content, it's essential to take it offline to prevent further harm to your visitors. There are multiple ways to redirect a website, depending on how its redirecting this may or may not pause the redirects.
Change Passwords:
Immediately change the passwords for your website's hosting, content management system (such as WordPress), FTP, and any other related accounts. Ensure that strong, unique passwords and MFA are used for each account.
Consider Hiring Professional Help:
The quicker you can eradicate the compromise, the less reputational damage, business interruptions, and potential liability you’ll face.
We specialize in responding to cybersecurity incidents like this.
We’ve seen a lot of companies make mistakes during cybersecurity incidents like this. Hackers are good at establishing persistent access, you don’t want it to turn into a game a “whack-a-mole”
Investigate. You’ll need to determine:
How your website was hacked?
Where did the website redirect to:
What did the Redirected Website do?
Steal Credit Card information?
Installed malware?
Other Actions Hackers Took?
Did they modify other code on your website?
Install malware on your computer?
Remediate the Vulnerabilities that were exploited to Hack your Website:
Fix whatever vulnerabilities were exploited to compromise your website. This may be done by restoring from CLEAN website backups.
Revoke any Other Means of Unauthorized Access
Change Credentials, Remove Malware, Remediate Wordpress Vulnerabilities.
Restore the website
Bring the Secured Eebsite back Online.
Notify Affected Users:
If the Website was used to steal credit card information, install malware, etc it's best to notify users to prevent the incident from leading to something worse; something that you could potentially be held LIABLE for. This is best done sooner than later.
Check Domain Reputation and SEO:
The hack may have damaged domain reputation and caused your website and/or domain to be blacklisted by internet and security companies. Notify Hosting Providers, Spam Filter Providers, and request them to remove warnings or blacklist marks.
Monitor for Suspicious Activity:
Over half of victims of cyber crime are re-targeted, with the information that hackers learned during the initial breach.
Need Help With a Hacked Website?
Our Cybersecurity Emergency Team Offers.
1. Quick Incident Identification and Response:
2. Specialized Expertise and Tools.
3. Complete Cleanup and Restoration.
4. Strengthening Security Post-Recovery.