| Timestamp (UTC) | Action taken | By whom | Outcome / notes | |-----------------|--------------|---------|-----------------| | 2026‑04‑14 09:12 | Detected anomalous login attempts | Self | Captured screenshots | | 2026‑04‑14 09:20 | Isolated server | IT | Network cable unplugged | | … | … | … | … |
I’m sorry you’re dealing with this. Below are the steps most experts recommend when you need to report a suspected hack (in this case, something you’ve labeled “wcc2”): | What to collect | Why it matters | |-----------------|----------------| | Screenshots / video of any suspicious activity, error messages, or unusual UI changes | Shows exactly what you saw, with timestamps. | | Log files (web‑server logs, application logs, firewall logs) | Provides technical details for investigators. | | Network captures (e.g., a short tcpdump or Wi‑reshark export) if you can safely take them | Helps pinpoint the source IPs and traffic patterns. | | Emails / messages that reference the hack (phishing attempts, ransom notes, etc.) | Gives context and possible threat actor identifiers. | | File hashes (MD5/SHA‑256) of any altered or newly‑added files | Allows others to verify the exact files you saw. | | Date‑time stamps of when the issue first appeared and any subsequent events | Establishes a timeline. | wcc2 hack