My Computer Was Hacked: What to Do Right Now

Posted: March 27, 2026 to Cybersecurity.

Immediate Steps to Take If Your Computer Was Hacked

Discovering that your computer has been hacked is alarming. Whether you noticed unauthorized transactions, strange programs running, ransom demands on your screen, or someone told you that your email is sending spam, the first few minutes of your response matter. Taking the right actions quickly limits the damage. Taking the wrong actions, or no action, makes recovery harder and more expensive.

This guide walks you through exactly what to do, step by step, whether you are a business owner whose company computer was compromised or an individual dealing with a personal machine breach.

Step 1: Disconnect from the Network Immediately

The single most important first action is to disconnect the compromised computer from the internet and your local network. This stops the attacker from continuing to access your system, exfiltrating more data, or spreading to other devices on your network.

How to disconnect:

  • Wired connection: Unplug the Ethernet cable from the computer
  • Wi-Fi: Turn off Wi-Fi from the system tray (do not just close the lid, which may only put it to sleep)
  • Mobile hotspot: Disconnect any phone tethering or mobile hotspot connections
  • Do not turn off the computer: Powering down destroys volatile evidence in memory that forensic investigators may need

If the computer is on a business network, also notify your IT department or IT support provider immediately. They may need to isolate the network segment to prevent lateral movement to other systems.

Step 2: Document Everything You See

Before you start fixing anything, document the evidence. Use your phone to take photos and screenshots of:

  • Any ransom messages, error messages, or unusual pop-ups
  • Programs or windows that should not be open
  • The Task Manager or Activity Monitor showing running processes
  • Recent browser history if accessible
  • Any emails or messages related to the compromise
  • The exact time you discovered the compromise

This documentation is important for law enforcement reports, insurance claims, and forensic investigation. Memory fades quickly, so capture everything now.

Step 3: Change Your Passwords from a Different Device

Using a phone or a different, trusted computer, immediately change passwords for your most critical accounts. Do not use the compromised computer for this because the attacker may have a keylogger capturing everything you type.

Change these passwords first, in this priority order:

  1. Email: Your email account is the master key because password resets for other services go through email
  2. Banking and financial accounts: Check for unauthorized transactions while you are logged in
  3. Cloud storage: Google Drive, Dropbox, OneDrive, iCloud, anything with synced data
  4. Social media: Attackers use compromised social accounts for phishing and identity theft
  5. Any account that uses the same password: If you reused passwords (common but dangerous), change every account that shared the compromised password

Enable multi-factor authentication (MFA) on every account that supports it. This adds a second verification step that prevents attackers from accessing accounts even if they have the password. Use an authenticator app (Google Authenticator, Microsoft Authenticator, Authy) rather than SMS-based MFA, which can be bypassed through SIM swapping.

Step 4: Check for Financial Damage

Log into your bank accounts, credit cards, and payment services from a trusted device. Look for:

  • Unauthorized transactions or transfers
  • New payees or payment recipients you did not add
  • Changes to account settings (email address, phone number, mailing address)
  • New credit accounts opened in your name

If you find unauthorized financial activity:

  1. Contact your bank immediately to freeze affected accounts
  2. File a fraud report with each affected financial institution
  3. Place a fraud alert on your credit reports at all three bureaus (Equifax, Experian, TransUnion). You only need to contact one of them, because reporting to one bureau automatically notifies the others.
  4. Consider a credit freeze, which prevents new accounts from being opened in your name

Step 5: Scan for Malware

If your existing antivirus did not catch the compromise, it may be insufficient against the specific threat. Use a secondary scanner for a second opinion:

  • Malwarebytes: Excellent at detecting malware that traditional antivirus misses (free scan available)
  • HitmanPro: Cloud-based scanning that uses multiple engines
  • Microsoft Safety Scanner: Free tool from Microsoft for one-time scans
  • ESET Online Scanner: Browser-based scanner that does not require installation

For business computers, your IT provider should handle this step using enterprise-grade tools and forensic procedures. Consumer-grade scanning may miss sophisticated threats and can inadvertently destroy evidence.

Step 6: Determine How the Hack Happened

Understanding the attack vector helps prevent it from happening again. Common ways computers get hacked:

Phishing Emails

You clicked a link or opened an attachment in a malicious email. The link may have led to a fake login page that captured your credentials, or the attachment may have installed malware. Check your email for suspicious messages you interacted with recently.

Weak or Reused Passwords

Attackers use credentials from previous data breaches (available on dark web databases) to try logging into your accounts. If you use the same password on multiple sites, one breach exposes them all. Check Have I Been Pwned to see if your email appears in known breaches.

Unpatched Software

Outdated operating systems, browsers, and applications contain known vulnerabilities that attackers exploit. If your computer has been deferring updates, those unpatched vulnerabilities may have been the entry point.

Malicious Downloads

Software downloaded from unofficial sources may contain bundled malware. This includes pirated software, free tools from suspicious websites, and browser extensions from unverified developers.

Remote Desktop Exposure

If Remote Desktop Protocol (RDP) is enabled and exposed to the internet without proper security (VPN, MFA, account lockout), attackers can brute-force their way in. This is one of the most common entry points for ransomware.
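
To check whether exposed RDP was the entry point, look in the Windows Security log for a burst of failed logons (event ID 4625) from one address followed by a successful logon (event ID 4624) from that same address. The script below is an added example, not part of the original article; it assumes the log was exported to CSV and is analyzed on a trusted machine, and the column names, sample rows, and threshold are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample: Security-log events exported to CSV (column names are assumptions).
SAMPLE_CSV = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2026-03-20T02:14:01,4625,3,administrator,203.0.113.45
2026-03-20T02:14:03,4625,3,admin,203.0.113.45
2026-03-20T02:14:05,4625,3,administrator,203.0.113.45
2026-03-20T02:14:09,4625,3,jsmith,203.0.113.45
2026-03-20T02:14:12,4625,3,jsmith,203.0.113.45
2026-03-20T02:15:40,4624,10,jsmith,203.0.113.45
2026-03-20T08:59:10,4625,10,jsmith,192.168.1.20
2026-03-20T08:59:30,4624,10,jsmith,192.168.1.20
"""

FAILED, SUCCESS = "4625", "4624"   # Windows failed / successful logon event IDs
REMOTE_TYPES = {"3", "10"}         # network (RDP with NLA) and RemoteInteractive
FAIL_THRESHOLD = 5                 # assumed cut-off; tune to your environment


def find_bruteforce_logons(csv_text, threshold=FAIL_THRESHOLD):
    """Return one finding per source IP that failed >= threshold remote logons
    and then succeeded. The first success is a candidate start of compromise."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: datetime.fromisoformat(r["TimeCreated"]))
    failures = defaultdict(int)
    findings = {}
    for r in rows:
        ip = r["IpAddress"]
        if r["LogonType"] not in REMOTE_TYPES or ip in findings:
            continue
        if r["EventID"] == FAILED:
            failures[ip] += 1
        elif r["EventID"] == SUCCESS and failures[ip] >= threshold:
            findings[ip] = {"source_ip": ip, "failed_attempts": failures[ip],
                            "account": r["TargetUserName"],
                            "first_success": r["TimeCreated"]}
    return list(findings.values())


if __name__ == "__main__":
    for f in find_bruteforce_logons(SAMPLE_CSV):
        print(f)
```

A single mistyped password followed by a normal login (the 192.168.1.20 rows) stays below the threshold and is not flagged. The first_success time of a flagged address is a candidate for when the attack began, which is the date backups need to predate in Step 8.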

Step 7: Decide Whether to Clean or Rebuild

After a hack, you have two options: clean the compromised system or rebuild it from scratch. For business computers, rebuilding is almost always the right choice because there is no way to be 100 percent certain that all malicious software has been removed from a cleaned system.

When to clean: Personal computers with low-risk data where the malware was a known, well-understood threat (adware, browser hijacker, commodity malware).

When to rebuild: Any business computer, any system that had access to sensitive data, any ransomware infection, any situation where the attacker had interactive access to the system, or any time you are not confident in the scope of the compromise.

Rebuilding means wiping the hard drive completely and reinstalling the operating system from official media. Then reinstall applications from legitimate sources and restore data from backups that predate the compromise.

Step 8: Restore from Backup

If you have clean backups from before the compromise, restoring data is straightforward. Verify that your backup is from before the attack began, not just before you noticed it. Attackers often have access for days or weeks before they take visible action.

If you do not have backups, data recovery options depend on the nature of the attack. Ransomware encryption may be reversible if the ransomware variant has a known decryption tool (check No More Ransom). Data deletion or corruption may be partially recoverable through professional data recovery services.

Step 9: Strengthen Your Defenses

After recovery, implement these protections to prevent future compromises:

  1. Use a password manager: Generate unique, strong passwords for every account
  2. Enable MFA everywhere: Multi-factor authentication on every account that supports it
  3. Keep software updated: Enable automatic updates for your operating system, browser, and applications
  4. Install proper endpoint protection: Business-grade EDR, not just consumer antivirus
  5. Set up automated backups: At least two copies of important data, one off-site or in the cloud
  6. Use a DNS filter: Block access to known malicious websites at the network level
  7. Get security awareness training: Learn to recognize phishing and social engineering attacks

Frequently Asked Questions

Should I pay the ransom if my computer is locked by ransomware?

The FBI and CISA recommend against paying ransoms because payment funds criminal operations and there is no assurance you will get your data back. Some organizations choose to pay when they have no backups and the data is critical, but this should be a last resort after consulting with law enforcement and cybersecurity professionals.

Can a hacker access my other devices on the same network?

Yes. Once an attacker compromises one device on your network, they can scan for and attempt to access other devices. This is called lateral movement. Disconnecting the compromised device from the network is critical for containing the attack.

How do I know if my computer is hacked?

Common signs include: unexpected pop-ups or software installations, computer running unusually slowly, programs opening by themselves, mouse cursor moving on its own, new browser toolbars or homepage changes, unfamiliar programs in startup, unusual network activity, and notifications that your passwords have been changed.

Should I report a hacking incident to law enforcement?

Yes, especially for business systems or incidents involving financial theft. File a report with the FBI's Internet Crime Complaint Center (IC3) at ic3.gov. For ransomware and significant data breaches, also contact your local FBI field office. Law enforcement reports are also required for many cyber insurance claims.

How long does it take to recover from a computer hack?

Personal computer recovery typically takes 1 to 3 days including wiping, reinstalling, and restoring data. Business computer recovery depends on the scope: a single compromised workstation might take a day, while a network-wide ransomware attack can take weeks to months for full recovery.

Can I prevent my computer from being hacked?

You cannot eliminate all risk, but you can dramatically reduce it. The combination of strong unique passwords, multi-factor authentication, regular software updates, quality endpoint protection, automated backups, and security awareness training prevents the vast majority of successful attacks.

About the Author

Craig Petronella, CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
