Get CactusVPN for $3.5/mo!
In a world where there is a cyber attack every 39 seconds, it’s paramount to know what to do if your computer is hacked. Cybercriminals are getting craftier by the day, and you need to know what actions to take if the worst comes to worst.
Well, we’re going to show you exactly how to do just that. Plus, we’ll also discuss how to know if your computer is hacked, so that you don’t make any rash decisions.
True, one of the main reasons you might not be able to log into your operating systems is hardware failure or OS-related issues. But we’re not talking about that. In that case, your computer will generally keep restarting, or you’ll be booted into your OS’ Safe Mode instead.
What we’re referring to is getting a message that outright tells you your OS is locked down, and you won’t be able to access your files. You’ll be told to send a certain amount of money (a few hundred $ or more) to a cryptocurrency wallet address (usually a Bitcoin one), or a PayPal address. The message will state that if you don’t send the money in a certain amount of time, all your data will be wiped.
Sometimes, you might even be able to log into your OS, and see your computer’s desktop. But you won’t be able to do anything on it other than interact with the files left by the hacker, and see the new desktop background photo, which would normally be the message mentioned above.
If you’re in that situation, there’s no doubt that your computer has been hacked. Specifically, it was infected with ransomware – a type of malware that holds your data hostage until you pay up. To find out what you should do in such a scenario, skip to the “What to Do If your Computer Is Hacked With Ransomware” section below.
While this tactic is no longer as widely used by hackers as it was before, it’s still a sure sign that your computer has been compromised. In fact, the moment you see such a notification on your computer, it’s already too late since the infection has already spread to your OS.
Why do hackers bother with these notifications, then? Well, these fake messages are just the cybercriminal’s attempt at installing even more malware on your device. Alternatively, they might try to trick you into paying money for their “solution.” If you do that, not only will you waste money, but you’ll also have your credit card details stolen.
How do you know the antivirus/antimalware message is fake? Well, the best way to spot the differences is to know what your antivirus/antimalware provider’s notifications and messages normally look like. However, here are some signs that might give the fake message away:
Much like fake antivirus/antimalware messages, random pop-up messages and ads are also a sure sign your computer has been hacked. A normal one just won’t spam you with stuff like that.
Usually, this is caused by adware – malware that infects your computer with tons of ad-related pop-up notifications and messages. The ads you see can be for anything – drugs, medicine, pornography, video games, music, etc. They’ll often contain short, shady links that take you to phishing websites if you click on them. That can also happen if you hit the “X” button to close the message, though.
Also, if you try to close the messages, they’ll just pop up again in a few seconds. That, or new ads and messages will flood your screen whenever you try to close one.
If you suddenly can’t find files or programs you knew you had on your computer, there’s a chance you’re dealing with a malware infection. Hackers tend to use malware that gives them remote access of victims’ computers. They then steal any sensitive information they might find (work files, intimate photos, etc.), delete it from the target’s computer, and try to blackmail them with that data. They might also uninstall or disable security programs.
Of course, remote control of your computer isn’t always the cause. Malware like worms and Trojans are also programmed to delete any files they come across to wreak havoc on your computer.
Besides that, you might also notice new programs on your computer, and new icons on your desktop. Those are called PUP (Potentially Unwanted Programs), and are files/programs installed by hackers which contain malware. If you interact with them, or perform any action that triggers their activation, your computer will be infected with even more malware and viruses.
It’s not hard to spot unwanted toolbars since they tend to clog your browser to the point where they might take up a quarter of the screen or more. Plus, they usually have a spammy design and weird names that make them stand out from normal toolbars – not to mention they try to redirect you to shady websites.
“At least I can easily get rid of them, right?”
Yeah, it’s usually enough to remove them, and reinstall your browser. However, the problem is that if your browser has been tampered with, it’s extremely likely your computer has been exposed to malware infections too.
If you type in anything in your browser or search engine, and you get redirected to a completely different website, it’s usually a dead giveaway that your computer was hacked. For example, googling “dog food” redirects you to a website about email marketing and lead generation.
This usually happens because a cybercriminal is using malware and security exploits to control where your browser is directing your connection requests. Most of the time, they do this because they are paid to deliver clicks to someone’s website, or because they want to drive a lot of traffic to an ad-infested website to make quick ad revenue.
However, sometimes, a hacker could redirect your browser search queries to a malicious phishing website. In that case, not only will your device be exposed to even more malware, but you’ll also have sensitive information stolen (like your credit card details, email login credentials, or bank account information).
Having your CPU or GPU “put to work” (so to speak) while playing one of the latest video games is pretty normal, but they shouldn’t be used at full capacity, making very loud noises, and overheating.
If you notice that happening every time you start your computer, there’s a very big chance that it was infected with cryptomining malware. Basically, a hacker is using your computer’s graphics card and/or processor to mine for cryptocurrencies. Not only will that drive up your electricity bill, it can also make your computer slower, and damage your GPU, CPU, and fans through overheating.
You should also become alert if you just notice that your computer case fans are noisier than usual. That can happen if too much dust accumulates, but if you clean your computer, and the noise persists, there’s a chance cryptomining malware is at play. It’s just that the cybercriminal crontrolling it is trying to keep it a secret, so he/she is not using your computer’s full power.
If your friends, family, or work contacts are asking you about weird messages they received from your email address and/or social media profiles, it’s safe to say you’ve been hacked. The messages might contain shorten, shady links, pornographic content, or might outright ask your contacts to share sensitive information, which will be swiftly stolen.
Basically, either a cybercriminal has managed to take over your accounts, or they released malware in your computer that automatically replicates by sending out malicious messages to your contacts.
Sometimes, the hacker or malware might create tons of spammy posts on your social media profiles that contain malicious links. Anyone that interacts with them will have their own computer infected with the same malware.
If you try to log into your email address, social media profile, bank account, or operating system, and get a message telling you the login credentials you entered are wrong, there’s a chance you’re the victim of a cyber attack.
Sure, you might have just entered the wrong password or username, or missed a character or two. That can happen.
However, if you are 100% you’re typing in the correct credentials, the only explanation is that a cybercriminal has managed to take over your accounts, and has locked you out of them. They can manage such a feat by using malware, phishing messages, or exploiting security vulnerabilities to steal sensitive data from you, like usernames and passwords.
Is your mouse cursor moving by itself, preventing you from running security scans or interacting with icons on your desktop? That’s likely because a hacker has remote access to your computer, and can control it from the comfort of their own home. Cybercriminals normally manage to do that by infecting computers with Trojans and rootkits.
The biggest mistake you can make in this case is thinking that those “involuntary” actions taken on your computer are just glitches or hardware bugs. If you ignore them, the hacker will likely wait until your computer idles (when you’re not using it, basically), and use it to empty your bank accounts, and steal personal data which can later be sold on the deep web. They might also try to spread the malware to other people in your contacts list – either through email or social media messages.
We’re not just talking about missing $10-$20, though you should definitely contact your payment provider or bank if you notice regular unapproved transactions, no matter how small the amount is.
The classic sign that your computer has been hacked is an empty (or nearly empty) bank account. If a cybercriminal goes through all the effort to hack your device, they’re going to take as much money as they can. So, if you suddenly see you’re missing hundreds or thousands of $, you now know what the main cause could be.
Basically, a hacker might have infected your computer with malware that allows them to monitor your activities – including your keystrokes. Then, they just use that info to break into your accounts, and steal your money.
If your security software has suddenly stopped working, or you just noticed it was disabled, that can be a sign of a cybercriminal having control over your computer. That’s especially true if you can’t start up the antivirus/antimalware program at all, or if it has been uninstalled without your permission.
True, a system restore point could cause that too, but if you’re also not able to start your operating system’s Task Manager or Registry Editor, then there’s no doubt you’ve been hacked.
Before we get started, we should mention that these tips will only help if you have a second computer or laptop you can use. Of course, it should have no traces of malware infections or hacking activities.
If you don’t have a second device you can use, see if you can use one of your friends’ computers. Just make sure they run an antivirus/antimalware scan beforehand.
First things first, you need to make sure your computer is completely isolated from the Internet. So, make sure you remove all Ethernet cables, and turn off WiFi connectivity. If your device has a switch to turn off WiFi, use that instead of the software switch since a hacker can tamper with that to turn it back on. If you’re worried that your router might have been hacked too, you can disconnect it as well.
Since some malware or viruses can harm your computer even when it’s not connected to the web, we recommend disconnecting the device from the power source too.
We recommend using a USB drive caddy to connect the compromised hard drives to the second device since it’s safer. If you really need to place them in the computer or laptop, make sure they are set to secondary “slave” drivers. Otherwise, they’ll boot up first, and infect the second device with your malicious operating system.
Once you have safely connected the hard drives in the second computer or laptop, run a scan with the antimalware/antivirus program installed on it. Quarantine and delete any infections that are found.
When the hard drives are clean, back up any data you need from them – stuff like work files, personal photos and videos, important documents, etc.
Afterwards, completely wipe your hard drives. It might sound unnecessary after you just ran a security scan and got rid of all malware, but it’s better to be safe than sorry. You can do that with services like Disk Wipe or DBAN, but you can also check out the other options on this lengthy list.
After you’re done cleaning the hard drives, it’s time to put them back into your main computer. Once everything is set up, reinstall your operating system.
Once your OS is up and running, install the necessary drivers (motherboard, GPU, CPU, etc.). However, for the moment, we recommend not installing your LAN/Internet drivers yet. Before you do that, install your antivirus/antimalware program first to make sure you have a line of defense when you connect to the web. If you don’t have an installer, just download it on the second device, and put in on a USB stick.
Also, a bit unrelated but still important to mention – in the future, make sure your antivirus/antimalware software is always up-to-date. If it isn’t, it might not be able to keep up with the latest cyber attacks and malware.
When everything is configured, copy all the data you backed up from your hard drives.
If some of your money has gone missing, you need to get in touch with your bank as soon as possible. Let them know what happened, and that a hacker stole money from you. Depending on the situation, your bank might be able to help you recover the funds.
If you use an online payment platform like PayPal or Payoneer, you should contact their representatives as well if money has gone missing from those accounts.
Even if none of your funds are missing, it might still be a good idea to at least give your bank a heads-up that you’ve been the victim of a cyber attack.
Even if your online accounts haven’t been tampered with, it’s still a good idea to reset all your passwords. Ideally, you should come up with strong passwords, and make sure you use a different one for each account. Also, to boost their security, you should change them on a regular basis.
If you need help coming up with powerful passwords, we wrote an article on that topic.
Beside that, you should enable any form of multi-factor authentication on your accounts. The standard is two-factor authentication, where you need to use a randomly-generated code on your phone to complete the login process. That way, even if a hacker manages to steal your password, he/she won’t be able to access your accounts.
However, if your accounts are already compromised, it’s best to create new ones from scratch. It’s a hassle, but it’s much safer to do that.
Tell everyone (your family, friends, and even work colleagues) that your computer was hacked so that they know to ignore and report any suspicious messages they might receive from your social media and email accounts.
Make sure you stress how important it is to make sure they don’t click on any shady links they might have gotten from you, or open any attachments that were sent to them.
A VPN (Virtual Private Network) is an online service that can hide your IP address and encrypt your web traffic. While it can’t combat malware infections, it can help you secure your traffic while browsing the web.
Basically, if you don’t use a VPN, cybercriminals can exploit WiFi vulnerabilities to monitor your online traffic. By doing that, they can steal valuable information from you – like your login credentials, the contents of your messages, and your credit card or bank account details. With that kind of data, any hacker could easily steal money from you, and hack into your computer.
“But that’s only a risk if I’m using public WiFi, right?’
True, public WiFI is extremely unsafe to use – especially since most networks don’t use any encryption at all. However, your own home network has its flaws too. After all, even if you’re using WPA2, cybercriminals can still crack it with the right cyber attack. And that problem will only be fixed when WPA3 rolls out, but that might be years away.
So, you’re better off just using a VPN on your home computer at all times – alongside a secure antivirus/antimalware program, preferably. If you want to make things simpler, just set up the VPN connection on your router. That way, any time your computer (or any other device) connects to your home network, it will automatically use a VPN connection.
CactusVPN is just the solution you need. Our service can make sure you’re always safe on the web by:
And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.
Well, let’s address the first thing that’ll go through your head – should you pay the ransom or not? Most security experts advise against doing that since the cybercriminal could have the ransomware delete or refuse to decrypt your data anyway. On the other hand, you might be lucky, and the hacker might hand over the decryption key. Stuff like that has happened before when a hospital chose to pay a $55,000 ransom.
You can also try contacting law enforcement, though you shouldn’t 100% rely on them. How fast your problem is solved depends on how laws treat ransomware situations in your country, whether or not your police force has a dedicated cybercrime unit, and what other criminal issues take priority over your own. Since you’re dealing with a time limit with ransomware, waiting around isn’t really a good option.
So, if none of the options above are something you want to try, you might be successful with the following steps:
Usually, the best thing to do is take preventive measures – use powerful antivirus/antimalware software, avoid phishing messages, and always keep an offline backup of the important data on your computer.
Well, first, ask yourself this “is my computer hacked?”
To know that for sure, here are some clear signs you should look for:
If any of those signs are familiar, here’s what to do if your computer is hacked:
Now, if you’re dealing with ransomware, your options include paying the ransom, contacting the authorities, or trying to handle things on your own. Unfortunately, the first two options are not always the best ones, and you’re not guaranteed any results. You might be successful on your own (isolating the computer, identifying the ransomware, using The No More Ransom Project or Kasperky’s decryptors to get rid of the ransomware, recovering some files and wiping the hard drives), but you shouldn’t get your hopes too high since it might sometimes be impossible to recover from a ransomware attack. Your best option is to prevent it.