Been hacked? This is what you need to do now
All is not lost – here's how to get up and running again
However careful you are online, there's always a risk of falling victim to an attack. Whether you open a malicious email attachment, get 'phished' into handing over a password, or are hit by ransomware like the WannaCry outbreak that infected hundreds of thousands of individuals and organizations in 2017, sooner or later an attacker may get a foothold on one of your devices.
Some hacks are obvious: your computer slows to a crawl because of the extra code it is now running, or your antivirus program flags an issue.
Others are subtler, and may go unnoticed until a credit card is charged without your knowledge, or your email account starts sending spam to your contacts.
Whatever the symptoms, if you think you've been hacked you need to move quickly to deal with the problem – here’s what to do.
1. Cut the cord
Malware on a compromised device almost always needs to talk to the internet to do its job: it fetches commands and further payloads, sends your data to the attacker, and, in the case of viruses and worms, tries to infect other systems.
Turning off your Wi-Fi or disconnecting the Ethernet cable to take the infected device offline is the first step to regaining control, and preventing an attacker from wreaking more havoc.
You should also power off your computer for now. This stops every running program, including any malware. (If you expect to have the incident investigated professionally, be aware that powering off discards the contents of RAM, which an investigator may want to capture first; for a home machine, stopping the malware is the priority.)
2. Scan your hard drive
If someone was actively trying to break into your device, they can do nothing while it is powered off and disconnected from the internet.
Still, malware may already be on the machine. Even if you have antivirus software installed, there's little point booting the PC normally and running a scan once you're infected: malware that has gained a foothold, a rootkit in particular, can hide from the operating system it runs under and from any antivirus that relies on that OS to see the disk.
Instead, you need to scan your hard drive from the outside. One way to do this would be to remove the disk altogether from your computer, place it in a USB enclosure and connect it to another device.
This can be difficult to do right unless you're experienced with computer hardware. Internal PC components are vulnerable to static shock: your hard drive has some shielding against this, but other parts don't.
On some devices, such as an ultra-thin laptop with an eMMC drive soldered to the motherboard, the storage isn't designed to be removed at all.
You'll find it much easier and faster to use one of the best antivirus rescue disks instead, such as Kaspersky Rescue Disk. If you don't have one already, use a separate, uninfected computer to download the ISO image from the vendor's own site, check it against the checksum the vendor publishes where one is provided, and either burn it to a CD/DVD or, more commonly these days, write it to a USB stick. The antivirus developer's support pages explain how.
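As an added illustration (not code from the page or from any antivirus vendor), here is how to check a downloaded ISO against a published SHA-256 checksum on the clean computer before writing it to USB. It assumes the vendor publishes checksums in the usual sha256sum text format; the image name, the checksum file and the three-byte sample 'image' are constructed for the example.

```python
"""Verify a downloaded rescue-disk ISO against the vendor's published
SHA-256 checksum before writing it to USB.

Added example, not code from the page or from any antivirus vendor.
Assumption: the vendor publishes a text file in the common
`<hex digest>  <filename>` format (as produced by sha256sum). The file
and image names used below are made up.
"""
import hashlib
import hmac
import io


def stream_sha256(fileobj, chunk_size=1 << 20):
    """Hash a file-like object in 1 MiB chunks so a multi-GB ISO never
    has to fit in memory. Returns the lowercase hex digest."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse sha256sum-style lines into {filename: hexdigest}.
    Accepts both '  ' (text mode) and ' *' (binary mode) separators and
    ignores blank lines and comments."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        sums[name] = digest.lower()
    return sums


def verify_download(fileobj, sums_text, filename):
    """True only if the file's digest matches the published one.
    A missing entry is a failure, not a pass: never boot an image you
    could not verify. The constant-time compare is hygiene; the digest
    itself is public, so it is not strictly required here."""
    expected = parse_sha256sums(sums_text).get(filename)
    if expected is None:
        return False
    actual = stream_sha256(fileobj)
    return hmac.compare_digest(actual, expected)


# Constructed sample: the "image" is the three bytes b"abc", whose SHA-256
# is the FIPS 180-2 test vector below. A real ISO would be opened with
# open(path, "rb") instead of io.BytesIO.
SAMPLE_IMAGE = b"abc"
SAMPLE_SUMS = (
    "# rescue-disk checksums (constructed example)\n"
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  rescue.iso\n"
)


def demo():
    """Run the check on the pristine image, a tampered copy, and a name
    that has no published checksum."""
    good = verify_download(io.BytesIO(SAMPLE_IMAGE), SAMPLE_SUMS, "rescue.iso")
    tampered = verify_download(io.BytesIO(SAMPLE_IMAGE + b"\x00"), SAMPLE_SUMS, "rescue.iso")
    unknown = verify_download(io.BytesIO(SAMPLE_IMAGE), SAMPLE_SUMS, "other.iso")
    return {"good": good, "tampered": tampered, "unknown": unknown}


if __name__ == "__main__":
    print(demo())  # {'good': True, 'tampered': False, 'unknown': False}
```

Run the check on the clean machine you downloaded with, not on the compromised one, and only write the image to USB once it returns True. A checksum fetched from the same page as the ISO only protects against a corrupt download; where the vendor signs the checksum file, verifying that signature is what protects against a tampered one.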
The basic process is the same for all antivirus rescue disks. You’ll boot into the special ‘environment’ they’ve created, which exists in the computer’s RAM. You may be asked to reconnect your machine to the internet. You can do this safely when using an antivirus rescue disk, as you’re not booting from the infected hard drive. This will allow the software to update its antivirus database.
You can then run a scan on any hard drives installed/attached to your PC. This is usually just a question of clicking ‘Scan’. The program will also usually offer you a way to quarantine any infected files it finds.
If you have instead connected the drive to another computer, you can scan it with that computer's antivirus or anti-malware software, which will remove spyware and adware as well as nastier types of malware.
Whichever program you use, make sure it can also detect Trojans and rootkits. Rootkits are particularly hard to remove: some install themselves in the drive's boot sector or in the machine's firmware (BIOS/UEFI), so that they load before the operating system and can reinfect it after a clean-up. Norton Power Eraser is a free tool that can detect and remove rootkits on your hard drive.
If you think the rootkit might be lurking in your machine’s firmware, then scanning the hard drive won’t help. Speak to your device manufacturer before going any further.
3. Restore your backups
If you have a backup of your files from before the infection, skip this step: you'll restore from that once the machine has been rebuilt. If the only copy of important files is on the infected hard drive, read on.
Once the antivirus scans are complete and any infected files are quarantined, you can begin copying your personal files to an external disk like a USB stick.
Unfortunately USB drives are themselves a popular way of spreading malware, as the now infamous Stuxnet worm showed.
Malware can also hide in innocent-looking files. In a campaign reported in 2022, the North Korea-linked Lazarus group sent out PDFs containing fake Amazon job offers; the malware delivered alongside them loaded an old, legitimately signed but vulnerable Dell driver to gain kernel-level access to the victims' machines.
If you really have to copy files over, format the USB drive first so that nothing is already on it. If your hard drive is connected to another computer, you can then copy your files across. Copy documents, photos and similar data only: do not copy any programs or system files, as that is where most malware lives.
If you used an antivirus rescue disk in the last step rather than removing the drive, you can recover your files by booting one of the best USB bootable distros, a 'live' version of Linux such as Puppy Linux, from a USB stick. Malware written for Windows won't run under Linux, so nothing can execute while you copy, but the files you copy may still carry it, which is why they must be scanned before use.
Once you’ve copied files to the USB stick, make sure to run antivirus scans on it once again using your other computer/antivirus rescue disk before continuing.
We can't emphasise strongly enough, though, that if you can restore your data from a backup made before the infection, you should do that instead. Copying files from a drive you know to be infected is never a good idea.
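The rules above (data files only, no programs, no system folders) are easy to break by hand when a folder holds hundreds of files, so here is an added example of a triage copy script that applies them. It is not from the page; the extension lists and folder names are a starting point rather than a complete inventory, and the miniature drive that demo() builds is constructed. It assumes the infected drive is mounted read-only, for example from a live Linux session, and that the USB stick is already formatted.

```python
"""Copy only personal data files off an infected drive, refusing anything
executable. Added example, not code from the page. The extension lists
and directory names are a starting point, not a complete inventory.
Assumes the infected drive is mounted read-only and the destination is a
freshly formatted USB stick (both paths are supplied by the caller)."""
import os
import shutil
import tempfile
from pathlib import Path

# Document and media types worth rescuing.
DATA_EXTENSIONS = {".txt", ".pdf", ".rtf", ".csv", ".jpg", ".jpeg", ".png",
                   ".gif", ".mp3", ".mp4", ".docx", ".xlsx", ".pptx",
                   ".odt", ".ods", ".odp"}
# Anything Windows will execute or script: never rescue these.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".com", ".scr", ".msi",
                         ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jse",
                         ".wsf", ".hta", ".jar", ".lnk", ".pif"}
# Office formats that carry macros: treat as code, not data.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Top-level directories holding programs and system files, not documents.
SYSTEM_DIRS = {"windows", "program files", "program files (x86)",
               "programdata", "$recycle.bin", "system volume information"}


def classify(filename):
    """Decide what to do with one file from *all* of its suffixes, so
    'invoice.pdf.exe' is refused even though Explorer would show it as
    'invoice.pdf' when known extensions are hidden."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    if any(s in EXECUTABLE_EXTENSIONS for s in suffixes):
        return "skip-executable"
    if suffixes and suffixes[-1] in MACRO_EXTENSIONS:
        return "skip-macro"
    if suffixes and suffixes[-1] in DATA_EXTENSIONS:
        return "copy"
    return "skip-unknown"


def salvage(src_root, dst_root):
    """Walk src_root, copy files classified 'copy' into dst_root keeping
    the relative layout, and return a report of every decision."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    report = {"copy": [], "skip-executable": [], "skip-macro": [],
              "skip-unknown": [], "skip-system-dir": []}
    for dirpath, dirnames, filenames in os.walk(src_root):
        rel_dir = Path(dirpath).relative_to(src_root)
        if rel_dir == Path("."):
            # Prune system directories at the root of the volume, in place,
            # so os.walk never descends into them.
            skipped = [d for d in dirnames if d.lower() in SYSTEM_DIRS]
            report["skip-system-dir"].extend(skipped)
            dirnames[:] = [d for d in dirnames if d.lower() not in SYSTEM_DIRS]
        for name in filenames:
            verdict = classify(name)
            report[verdict].append((rel_dir / name).as_posix())
            if verdict == "copy":
                target = dst_root / rel_dir / name
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src_root / rel_dir / name, target)
    return {k: sorted(v) for k, v in report.items()}


def demo():
    """Build a constructed miniature of an infected volume in a temporary
    directory, run salvage() on it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "infected", Path(tmp) / "usb"
        files = {  # constructed sample files; contents are placeholders
            "Users/alice/Documents/tax.pdf": b"%PDF-1.4 constructed",
            "Users/alice/Documents/invoice.pdf.exe": b"MZ constructed",
            "Users/alice/Documents/budget.xlsm": b"PK constructed",
            "Users/alice/Pictures/holiday.JPG": b"\xff\xd8 constructed",
            "Users/alice/Desktop/update.lnk": b"L constructed",
            "Users/alice/notes.bin": b"constructed",
            "Windows/System32/evil.dll": b"MZ constructed",
        }
        for rel, data in files.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(data)
        report = salvage(src, dst)
        report["copied-exists"] = [r for r in report["copy"] if (dst / r).is_file()]
        return report


if __name__ == "__main__":
    for verdict, paths in demo().items():
        print(f"{verdict}: {paths}")
```

The report is the part to read before unplugging the stick: every file that was not copied is listed with the reason, so a genuinely wanted document that was skipped (an unusual extension, say) can be fetched deliberately rather than by a blanket copy. Everything copied still goes through the antivirus scan described in the next paragraph.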
4. Start again
Even if the hard drive now appears to be disinfected, best practice is not to trust it: don't simply put it back into service and carry on, as malware the scanner missed may still be there to start the cycle again.
If the drive is connected to another PC, one option is to erase it with software designed to overwrite the whole disk, such as Eraser, and then reformat it. If the drive is still inside your machine, use a bootable wiping tool such as DBAN (Darik's Boot and Nuke). Note that overwrite-based tools like these were designed for spinning hard disks: on an SSD the controller may quietly leave some blocks untouched, so use the drive manufacturer's secure-erase utility instead. None of this helps against a rootkit in the machine's firmware (see step 2).
The best option, though, is simply to start over with a brand-new hard drive. With plenty of options available that won't break the bank, this is a relatively inexpensive way of making sure the old disk can't reinfect your fresh install.
Whether you're starting with a freshly wiped drive or a brand-new one, the OS needs to be reinstalled from trusted media: download the installer from the OS vendor on a clean computer, or use the manufacturer's recovery disc or the USB install media you made before the computer was infected.
Be sure to install all available OS updates, along with robust and up-to-date antivirus and anti-malware software. We also recommend installing one of the best adblockers, such as the uBlock Origin extension, in every web browser you use: it blocks many of the malicious adverts and links that deliver infections.
If you did choose to copy some of your personal files onto a USB stick in the previous step, only insert it into the PC once it’s installed and your antivirus is up to date.
Run an antivirus scan on the stick before copying the files back onto your hard drive.
5. Play it again
Now that your computer is working again and free of malware, it needs to be backed up once more. Before putting any data back on it, run the antivirus and anti-malware programs to confirm the fresh install is clean from the start. Only install programs from trusted sources, and scan your data once more before restoring it.
Keeping regular backups is an excellent way to recover quickly from an infection, as you can simply restore your system to a point before the virus entered it.
If you're a Mac user, the built-in Time Machine utility does this. (Bear in mind that restoring a whole system from a backup made after the infection can restore a rootkit along with it, so remain vigilant.) Windows users, meanwhile, can use the best backup software.
6. Password permutations
So you're all done, and up and running again, but you can't know everything the original infection did while it was active. In particular, assume that any password saved on or typed into that machine has been stolen.
You should definitely take this chance to change all your passwords, from a clean device. Make sure each online service gets a different password, and that each has a high degree of entropy, i.e. is hard to guess or brute-force.
If you don’t use one already, now may be a good time to switch to one of the best password managers. These convenient programs make it simple to generate unique and difficult to hack passwords, and equally importantly, keep them usable across your multiple devices.
If you'd rather not trust your passwords to a third-party program, Diceware is another good way to generate very strong, memorable passphrases without any special software: you roll dice to pick words at random from a numbered list, and the strength comes from how many words you pick.
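Added example, not from the page or from the Diceware project, showing the dice-to-word lookup and the arithmetic behind 'high entropy': each word drawn uniformly at random from a list of N is log2(N) bits, so five words from the real 7,776-word list give about 65 bits, whether or not the attacker knows the list. The 36-word list below is a constructed stand-in for the real one.

```python
"""Diceware-style passphrase generation and the entropy arithmetic behind
'hard to break'. Added example, not code from the page or from the
Diceware project. SAMPLE_WORDS is a constructed 36-entry stand-in: the
real Diceware list has 7776 = 6**5 words and uses five dice per word."""
import math
import secrets

SAMPLE_WORDS = [
    "apple", "basket", "cactus", "dragon", "eagle", "forest", "guitar",
    "harbor", "island", "jacket", "kettle", "lantern", "magnet", "needle",
    "orange", "pepper", "quartz", "rocket", "saddle", "timber", "umbrella",
    "velvet", "walnut", "xenon", "yogurt", "zipper", "anchor", "bridge",
    "candle", "dolphin", "engine", "falcon", "garden", "hammer", "igloo",
    "jungle",
]
ROLLS_PER_WORD = 2  # 6**2 == 36 entries in the sample list; the real list needs 5


def dice_to_index(rolls):
    """Map a string of die faces such as '4213' to a list index. The
    Diceware list is numbered in base 6 with digits 1..6, so '11111' is
    entry 0 and '66666' is entry 7775."""
    index = 0
    for ch in rolls:
        face = int(ch)
        if not 1 <= face <= 6:
            raise ValueError(f"not a die face: {ch!r}")
        index = index * 6 + (face - 1)
    return index


def roll_dice(count):
    """Roll `count` dice with the OS CSPRNG. secrets.randbelow is
    unbiased; the random module is seeded predictably and must not be
    used for anything security-relevant."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(count))


def passphrase(n_words, wordlist=SAMPLE_WORDS, rolls_per_word=ROLLS_PER_WORD):
    """Pick n_words independently; each pick is one full set of rolls."""
    if len(wordlist) != 6 ** rolls_per_word:
        raise ValueError("wordlist size must equal 6**rolls_per_word")
    return " ".join(wordlist[dice_to_index(roll_dice(rolls_per_word))]
                    for _ in range(n_words))


def passphrase_entropy_bits(list_size, n_words):
    """Each word is one uniform choice out of list_size, so an attacker
    must search list_size**n_words phrases; log2 of that is the entropy.
    The list itself can be public: only the choices are secret."""
    return n_words * math.log2(list_size)


def password_entropy_bits(alphabet_size, length):
    """Same formula for a random character password; 95 printable ASCII
    characters is the usual alphabet. It only holds for passwords chosen
    uniformly at random, not for human-chosen ones."""
    return length * math.log2(alphabet_size)


def words_for_target(list_size, target_bits):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", passphrase(6))
    print("5 real Diceware words: %.1f bits" % passphrase_entropy_bits(7776, 5))
    print("12 random printable chars: %.1f bits" % password_entropy_bits(95, 12))
    print("words needed for 80 bits:", words_for_target(7776, 80))
```

The comparison in the last lines is the practical point: six Diceware words (about 78 bits) are roughly as strong as twelve random printable characters, and far easier to remember. With the constructed 36-word list each word is worth only about 5.2 bits, which is why the real list is so much longer.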
Also, for those accounts that offer it, such as Google, Hotmail and Yahoo, download their authenticator apps and enable two-factor authentication. This means that if someone tries to log into your account from a new device or location, they'll need a 6-digit code as well as your password. While you're in the account settings, sign out any sessions you don't recognise and check that the recovery email address and phone number are still yours.
You can produce the code yourself easily, even on a new cellphone, using any of the best authenticator apps. A stolen password alone is no longer enough for an attacker, because the codes are derived from a secret shared only between your phone and the service and change every 30 seconds, so a code seen once is useless moments later.
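Added example, not from the page or from any authenticator app, showing why the 6-digit code 'keeps changing': it is an HMAC over the number of 30-second intervals since 1970, keyed with a secret the app and the service share. The secret below is the published RFC 4226/6238 test key, so the expected codes are known; a real deployment should use a maintained library such as pyotp rather than this code.

```python
"""Time-based one-time passwords (RFC 6238, built on HOTP from RFC 4226),
as used by authenticator apps. Added example, not code from the page or
from any authenticator app; use a maintained library in production. The
shared secret is the RFC's published test key, which is why the expected
codes are known in advance."""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226: HMAC the 8-byte big-endian counter, then 'dynamic
    truncation' picks 4 bytes at an offset given by the last nibble."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238: the counter is the number of `step`-second intervals since
    the Unix epoch. That is why the code changes every 30 s and why phone
    and server need only roughly synchronised clocks, not a network link."""
    now = time.time() if at is None else at
    return hotp(secret, int(now) // step, digits, algo)


def verify_totp(secret, code, at=None, step=30, digits=6, window=1):
    """Server-side check accepting `window` steps of clock skew either side.
    Uses a constant-time compare. A real server must also remember the
    last accepted counter and refuse a replay of the same code."""
    now = time.time() if at is None else at
    base = int(now) // step
    for offset in range(-window, window + 1):
        candidate = hotp(secret, base + offset, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def secret_from_base32(text):
    """Authenticator apps show the secret as unpadded base32, often with
    spaces for readability; restore the padding before decoding."""
    cleaned = text.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


RFC_SECRET = b"12345678901234567890"  # test key from RFC 4226 / RFC 6238 Appendix B


if __name__ == "__main__":
    print("RFC 6238 test, t=59:", totp(RFC_SECRET, at=59, digits=8))  # 94287082
    print("current 6-digit code:", totp(RFC_SECRET))
    print("accepted at t=89 (one step of skew):", verify_totp(RFC_SECRET, "287082", at=89))
```

The shared secret is the whole game: anyone who obtains it (from a screenshot of the enrolment QR code, say) can generate the same codes, and a phishing page that relays your code to the real site within the 30-second window still gets in. Two-factor authentication with an app raises the bar a great deal against a stolen password, but it is not proof against a live phishing attack.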
7. Old habits die hard
Now that you've been through your first hacking attempt, you understand the importance of keeping regular backups and keeping your system and antivirus up to date. Hopefully you've also switched to unique, strong passwords for all your online services and turned on two-factor authentication wherever it is available.
New forms of malware are coming out all the time but they still rely on good old human error to help them spread. This means you have to develop some other good habits to stay safe:
Even if that doesn't happen, you're broadcasting your IP address and any unencrypted data to the internet at large. A reputable VPN provider encrypts your traffic as far as its own server and conceals your IP address from the sites you visit.
Jonas P. DeMuro is a freelance reviewer covering wireless networking hardware.