Assuring the printer state after the network is compromised by malware, virus, or ransomware attack
If a Lexmark printer has been exposed to a compromised or breached network (malware, virus, ransomware, etc.), this article shows you what you must do.
Issue description
If a Lexmark printer has been exposed to a compromised or breached network (malware, virus, ransomware, etc.), do the following steps to assure that the printer is in a trusted state.
Solution
- Disconnect the device from the network (both wired and wireless).
- Unplug the device, then wait for 30 seconds before plugging back into the main power to ensure that all volatile memory is cleared.
- Erase printer memory.To erase non‑volatile memory or individual settings, device and network settings, security settings, and embedded solutions, do the following:
- From the control panel, navigate to:Settings>Device>Maintenance>Out of Service Erase>Sanitize all information on non‑volatile memoryFor non‑touch screen printer models, pressOKto navigate through the settings.
- SelectStart initial setuporLeave printer offline.
- If the printer has a hard disk, erase the printer hard disk memory.
- From the control panel, navigate to:Settings>Device>Maintenance>Out of Service Erase>Sanitize all information on hard diskFor non‑touch screen printer models, pressOKto navigate through the settings.
- Depending on the printer model, selectERASEorContinue.
- Follow the instructions on the display.
This process can take several minutes to more than an hour, making the printer unavailable for other tasks. - Set up an admin account to restrict access to administrative functions from the network by doing any of the following:
- Follow the instructions in theRestricting public access to functions, applications, printer management, and security optionstopic in the Embedded Web Server (EWS) Administrator's Guide.
- Engage theSecure by defaultoption in the Initial Setup Wizard.
- Reconnect the device to the network.
- Reconfigure the device.