Data Security

What do I do if my computer is compromised...?

  • Do NOT turn your computer off, because after a reboot, encryption software may take effect and you will no longer be able to access your data.
  • Disconnect your computer from the LAN and WLAN.
  • Do not log in as admin while the computer is still on the network.
  • Contact your system administration.
  • Check the (admin) accounts for correctness.
  • Check the local firewall, e.g. for wrong RDP shares.
  • Create an image (i.e. 1:1 copy) of the system with a boot stick to preserve evidence, as recommended by the BSI: caine-live.net, paladin edge or a heise desinfec't stick.
  • Windows:
    Open "Settings -> Update & Security -> Windows Security -> Virus & threat Detection".
    Go to "Scan options" and select "Full scan" to scan your computer for viruses.
  • Or: Windows, Mac & Linux:
    Use Avira to scan your computer.
  • Or: Remove your hard drive.
    Use an adapter to connect it externally to another computer that is not on the network and has been booted from a Desinfec't boot stick.
    Scan the infected hard disk with tools on the Desinfec't boot stick (with the latest signature update).
  • Change your passwords.
  • If your computer has been compromised (i.e. data has been accessed or encrypted without permission), it is IMPORTANT that a report is made to the Bremer Landesdatenschutzbeauftragte within 72 hours. In addition, Ms. Petra Banik, the data protection officer of the University of Bremen (phone 60211, email pbanik at uni-bremen.de), must be notified.
  • Also, send an email to vorfall at uni-bremen.de and security at uni-bremen.de.
  • See also Erste Hilfe bei einem schweren IT-Sicherheitsvorfall from BSI and CERT Bund.
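
For the two checks above on a Windows machine (admin accounts and RDP in the local firewall), the following read-only PowerShell commands can be used. This is an added example, not part of the original checklist; it assumes Windows 10 or later with the built-in LocalAccounts and NetSecurity modules and RDP on its default port 3389.

```powershell
# Added example, read-only. Run in an elevated PowerShell session on Windows 10 or later,
# after the machine has been taken off the LAN and WLAN.

# 1. Members of the built-in Administrators group. The well-known SID is used
#    instead of the name so this also works on non-English installations.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# 2. Enabled local accounts, most recently changed password first.
#    Unknown names or unexpected recent password changes deserve a closer look.
Get-LocalUser |
    Where-Object { $_.Enabled } |
    Sort-Object PasswordLastSet -Descending |
    Select-Object Name, PasswordLastSet, LastLogon, Description |
    Format-Table -AutoSize

# 3. Is Remote Desktop switched on at all? fDenyTSConnections = 0 means RDP is enabled.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)
"RDP enabled: $rdpEnabled"

# 4. Enabled inbound allow rules that explicitly open TCP 3389 (assumed default RDP port).
#    Rules using a port range or 'Any' are not matched here; review those by hand.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'TCP' -and $port.LocalPort -contains '3389') {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress -join ', '
            }
        }
    } |
    Format-Table -AutoSize -Wrap
```

A rule with RemoteAddress "Any" that applies to the Public profile lets any network the machine joins reach RDP; report such findings to your system administration rather than changing them before the image has been taken.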

Operating system, programs and network

  • Install updates (operating system and applications on your computer and mobile devices).
  • Use antivirus software (Windows Defender, Avira, Avast).
  • Use the firewall in your OS.
  • Create different user accounts (admins and standard user) with different passwords. If you also use your office computer privately, use a separate user account for this purpose. Separate company data and private data.
  • Use a password-protected screen lock.
  • Protect your data by encrypting your hard drive (also the backup hard disk).
  • Deactivate macros in Microsoft Office and do not activate macros for files you receive.
  • Configure your mail program so that remote content is not automatically downloaded.
  • Read mail in plain text format.
  • Encrypt your mail and send it with personal certificates.
  • Take your time when clicking on links in mails. For example, install the "Torpedo" plugin in Thunderbird.
  • Only install software that is absolutely necessary and from trusted sources.
  • Do not allow external access to your computer. If it cannot be avoided, only allow VPN connections.
  • Disable services that are not needed.
  • Use the software in the ZfN instead of external providers, e.g. RocketChat instead of WhatsApp, Office in Seafile instead of Google Docs, the scheduler/survey tool in DFN instead of Doodle.
  • External storage media such as USB sticks, USB hard drives, network drives are not protected against encryption Trojans. All storage media to which the logged-in user has access are at risk.
  • Use WPA2, or better WPA3, as encryption for your WLAN and switch off WPS and UPnP.

Awareness

  • There is usually a human component contributing to a successful hack.
  • Do not click on links in suspicious mails.
  • Never enter your password on dubious websites. The university does not set unreasonably short deadlines for responses.
  • Do not use USB sticks to transfer data from colleagues or students. Instead use e.g. NextCloud (ZfN) or NextCloud (FB3).
  • Talk to people around you (family, roommates, guests) about data security.
  • Encrypt/password-protect data exchange with project partners.
  • Dispose of unnecessary devices (computer, WLAN router, printer,...).
  • Include IT security in project costs (backup disks,...).
  • Close windows and doors, use a password-protected screen saver.

Passwords

  • Use strong passwords.
  • Use different passwords.
  • At least 12, better 20 characters.
  • It is better to have a somewhat complex, long password than simple ones that are constantly recreated. Longer passwords are better than shorter very complex ones.
  • Use two-factor authentication wherever possible.
  • Use a password manager (e.g. Keepass (Win), KeepassXC (Mac/Linux), Keepassium (iOS), KeepassDX (Android)).
  • Or use the Apple Notes app and encrypt the note afterwards.
  • Browsers such as Safari save the passwords. Make sure that the computer is not unattended. The computer should be secured with a password-protected screen saver.
  • Check at haveibeenpwned.com if your email address has been hacked. Register there if you want to. You will be notified.
  • And/or check at Firefox Monitor whether you have already been affected by a data leak.

Backup

  • Create backups with Apple "Time Machine Backup" or Windows Backup (Image 1x/week with "Backup and restore Win7" and hourly backup with "Windows 10 Backup").
  • Create redundant backups. Additionally e.g. on the backup server of the university (see "Backup" at https://www.uni-bremen.de/zfn/weitere-it-dienste/storage-dateiaustausch).
  • Back up your mails.
  • Check your backup and test a restore.
  • Do not put (backup) hard disks on batteries, this will destroy data.

More information...

  • For more information see BSI für Bürger.
  • And see the heise c't Checkliste.
  • Vulnerabilities and security advisories from DFN-CERT.
  • Information security management system (ISMS), expansion of information security at the University of Bremen.