However careful you are online, there's always the risk that you could fall victim to a hacking attack. Whether you accidentally click on an email attachment and get 'phished' or become a victim of ransomware, like the WannaCry event that hit hundreds of thousands of individuals and organizations in 2017, the hackers will be on your doorstep.
In some cases, the hack is more dramatic – you'll notice that your computer has slowed because of some extra code it is running, or your antivirus program flags an issue. Other hacks can be more subtle, and may not be noticed until a credit card is used without your knowledge, or your email account starts sending spam to your contacts. Whatever the symptoms, when you realize you've been hacked you need to move quickly to deal with the problem – here’s what to do.
1. Cut the cord
Your computer or other device that's potentially infected needs to communicate with the internet in order for a hack to be effective – computer viruses and worms want to infect other systems. Turning off your Wi-Fi or disconnecting the Ethernet cable to take the infected device offline is the first step to regaining control, and preventing an attacker from wreaking more havoc.
2. Get the hard drive out
The next step is to power down the system and remove the hard drive, whether it's an HDD or an SSD. On some devices, such as a phone or an ultra-thin laptop with an eMMC drive, this won't be possible, but in cases where the system drive can be removed, doing so is a good strategy. This then allows the drive to be worked on externally as a non-system drive.
The drive should then be mounted in an external caddy, or an inexpensive USB enclosure, and connected to another computer. Now you need to disinfect the drive by running a reputable antivirus scan on it, and ideally a second antivirus solution as well (do not run them simultaneously, but rather one after the other).
Also use a more general anti-malware program, and be sure to target any rootkits and Trojans as well, as these can be especially difficult to remove. Finally, be sure to remove any spyware with a program such as Spybot Search & Destroy. Take care that all the programs used for cleaning the drive have the latest signatures installed to remove all the latest threats.
3. Make a backup
With the drive still externally mounted, and the scans run, this is the time to get your data off it. That said, if you're running any software that you can download afresh from a trusted source, or have data that you have backed up elsewhere, you're better off restoring it on your clean drive (see step 4) from those sources – this is because even after running multiple scans there's no guarantee that every bit of malware will have been removed.
In order to deal with the potential threat of the malware that's still present in your files, they shouldn't be transferred to the main bootable hard drive of the second PC, or else the whole issue will just perpetuate itself if one of these files contains the malware.
Therefore, it's best to put the data on another external drive that you know to be clean. Be aware that getting the data off the hard drive you're trying to get clean isn't without risk, and USB drives are a popular way of transferring malware, including the now infamous Stuxnet virus. Also, after the data is transferred, the external drive should be rescanned with multiple antivirus and anti-malware programs.
4. Start again
While the hard drive is now (hopefully) disinfected, best practice is to not trust it, and not simply reinstall it, as the malware may still be there to continue the cycle. One option is to erase the hard drive with software designed to fully overwrite it, such as Eraser, and then reformat it. A better option still is to simply start over with a brand-new hard drive, and with plenty of options available that won't break the bank this is a relatively inexpensive way of guaranteeing that the malware can't rear its ugly head again.
Whether you're starting with a newly formatted hard drive, or a brand-new one, the OS will need to be reinstalled from trusted media, so go online, or break out the manufacturer's CD or that USB backup you made back before the computer was infected. Be sure to install all the required Windows updates, along with robust and up-to-date antivirus and anti-malware software.
5. Play it again
Now that your computer is working again, and free of malware, it needs to be backed up again. Before putting any data back on it, run the antivirus and anti-malware programs to make sure the device is not infected from the get-go. Only install programs from trusted sources. Also, before uploading the data, be sure to scan it once again.
6. Password permutations
So you're all done, and up and running again – but the chances are you won't be aware of any outstanding issues relating to the original infection. This is an excellent opportunity to change passwords, particularly for important and sensitive accounts, such as email, and financial services. Choose strong passwords, at least 12 characters long and with a combination of upper and lowercase letters, numbers and special characters.
Even better, this is a good time to transition to password manager software. These convenient programs make it simple to generate unique and difficult-to-hack passwords, and equally importantly, keep them usable across your multiple devices. Also, for those accounts that offer it, such as Google, Hotmail and Yahoo, download their authenticator apps and implement two-factor authentication, which is considered more secure than even the longest and most complex passwords.
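The password rule in step 6, as an added example that is not part of the original article: a Python script that checks a password against the stated minimum (12 characters, with upper and lowercase letters, numbers and special characters) and generates a separate random password for each account using the standard library's `secrets` module. The function names, the default length of 20 and the sample account labels are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 12  # minimum length given in step 6
CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "special character": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())


def policy_failures(password):
    """Return the step 6 requirements that `password` does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name}")
    return failures


def generate_password(length=20):
    """Draw from the OS CSPRNG, retrying until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Rejecting whole candidates keeps the result uniform over all
        # compliant passwords, unlike forcing one character per class.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


def passwords_for(accounts, length=20):
    """One independently generated password per account, so none is reused."""
    return {account: generate_password(length) for account in accounts}


if __name__ == "__main__":
    # Constructed sample input: an old-style password and three account labels.
    print(policy_failures("Summer2017"))
    for account, password in passwords_for(["email", "bank", "shopping"]).items():
        print(account, password)
```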