By Jonas DeMuro
techradar.com
Even the most vigilant internet users aren’t immune to the possibility of a cyberattack. Whether it’s falling for a phishing email, or getting caught in a ransomware wave like the 2017 WannaCry outbreak that impacted countless individuals and organizations worldwide, hackers can find their way in.
Sometimes the intrusion is obvious—your computer slows down due to suspicious background processes, or your antivirus alerts you to a threat. Other times, it’s stealthier: unauthorized credit card transactions appear, or your email account starts blasting spam to your contacts. Regardless of the signs, once you realize you’ve been breached, swift action is critical. Here’s your recovery plan.
Compromised? Follow These Immediate Steps
1. Disconnect from the network
An infected device generally relies on its network connection to carry out the attacker's objectives: viruses and worms try to propagate to other systems, and the attacker needs a connection to keep controlling the machine. Immediately disable your Wi-Fi or unplug the Ethernet cable to isolate the compromised device. This cuts off the attacker's access and prevents further damage.
2. Extract the storage drive
Next, shut down the system and physically remove its storage drive (HDD or SSD). On some devices, such as smartphones or ultra-thin laptops with soldered eMMC storage, this isn't feasible; when it is, extracting the drive is a smart move, because it lets you work on it from another machine as a non-bootable volume, so nothing on it gets a chance to run.
Place the drive into an external caddy or a budget-friendly USB enclosure, then connect it to a different computer. Now, disinfect the drive by running a trusted antivirus scan, followed ideally by a second antivirus tool (run them sequentially, not simultaneously).
Additionally, use a comprehensive anti-malware program that targets rootkits and Trojans, as these are notoriously stubborn. Finish with a spyware removal tool like Spybot Search & Destroy. Ensure every cleaning utility has the latest virus definitions to catch the most recent threats.
3. Secure your data
With the drive still externally attached and scans completed, it’s time to salvage your files. However, if you have software you can re-download from a reliable source, or data already backed up elsewhere, it’s safer to restore from those origins—because even after multiple scans, no cleanup is 100% guaranteed.
To avoid reintroducing malware, do not transfer files directly to the main bootable drive of the second PC. Instead, copy them to another external drive you know is clean. Be aware that this process still carries risk: USB drives are common vectors for malware, including the infamous Stuxnet worm. After transferring, rescan the external drive with several antivirus and anti-malware tools.
4. Start fresh
Even if the drive appears disinfected, it’s unwise to trust it. Simply reinstalling it could let lingering malware restart the cycle. One approach is to fully overwrite the drive using software like Eraser, then reformat it. A better solution is to replace it with a brand-new hard drive—affordable options exist, and this guarantees the malware won’t resurface.
Whether you use a freshly formatted drive or a new one, reinstall the operating system from trusted media—either downloaded online, from the manufacturer’s disc, or from a USB backup made before the infection. Install all necessary Windows updates, plus robust, up-to-date antivirus and anti-malware software.
5. Back up immediately
Once your system is operational and malware-free, create a fresh backup. Before restoring any data, run antivirus and anti-malware scans to confirm the device is clean from the start. Only install programs from reputable sources. Also, scan your saved data one more time before copying it back.
6. Revamp your passwords
Your system is restored, but you may still face unresolved issues from the original attack. This is the perfect moment to update passwords, especially for sensitive accounts like email and financial services. Create strong passwords—at least 12 characters long, mixing uppercase and lowercase letters, numbers, and special symbols.
Even better, consider switching to a password manager. These handy tools generate unique, hard-to-crack passwords and keep them accessible across all your devices. For accounts that support it—such as Google, Hotmail, and Yahoo—download their authenticator apps and enable two-factor authentication, which offers stronger security than even the most complex password.
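As an added example (not part of the article), the password rule above expressed as a small Python check, alongside a generator that meets it using the cryptographically secure `secrets` module; the sample passwords are constructed for illustration:

```python
import secrets
import string

# The article's policy: at least 12 characters, mixing upper- and lower-case
# letters, digits and special symbols.
MIN_LENGTH = 12
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def missing_requirements(password: str) -> list[str]:
    """Return the policy requirements a password fails; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    chars = set(password)
    for name, alphabet in CLASSES.items():
        if not chars & alphabet:
            problems.append(f"no {name} character")
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a random password that satisfies the policy.

    Uses secrets (a CSPRNG) rather than random, and resamples until every
    character class is present instead of forcing classes into fixed
    positions, so the result is uniform over all passing strings of this length.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(sorted(set().union(*CLASSES.values())))
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, from weak to policy-compliant.
    for sample in ["password", "Tr0ub4dor&3", "Correct-Horse-Battery-42"]:
        print(f"{sample!r}: {missing_requirements(sample) or 'OK'}")
    print("generated:", generate_password())
```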