Think You've Been Hacked? What To Do First
Written by Ricky Jordan, SystemHelpDesk. Last updated: 12 June 2026.
SystemHelpDesk - Worldwide remote IT security and incident response, with on-site visits arranged through vetted local partners where available. Call 855-783-7555 | www.systemhelpdesk.com
If you think your business has been hacked or infected with malware, the first hour matters. Acting calmly and correctly can be the difference between a minor cleanup and a major loss of data, money, or trust. This guide walks you through exactly what to do - in plain English, no jargon.
In our experience, the businesses that recover fastest are the ones that don't panic, don't try risky DIY fixes, and get the right help quickly. Here's how to handle those first critical steps.
First, Stay Calm and Don't Make It Worse
It's natural to want to "fix it fast," but some instinctive reactions can actually cause more damage - deleting files, reinstalling software, or paying a demand can destroy evidence or make recovery harder. Take a breath and work through the steps below in order.
The First Steps To Take Right Now
- Disconnect the affected device from the network. Unplug the network cable or turn off Wi-Fi. This helps stop anything malicious from spreading to other computers or your shared drives.
- Don't turn the device off unless you're told to. Some recovery and investigation options depend on the system staying in its current state.
- Stop using the device for anything sensitive - no banking, no logging into accounts, no entering passwords.
- Write down what you noticed and when. A pop-up message, a strange email someone clicked, files that won't open - these details help identify what happened and how to respond.
- From a different, trusted device, change passwords on your most important accounts (email first, then banking and anything reused), and turn on multi-factor authentication where it isn't already on.
- Don't pay any ransom or demand, and don't reply to the attacker.
- Call SystemHelpDesk at 855-783-7555. The sooner experts are involved, the more we can contain and recover.
What NOT To Do
- Don't run random "cleaner" or "removal" tools you find online or that pop up on screen - many are scams or additional malware.
- Don't delete files or wipe the machine before it's been assessed; this can destroy data you could otherwise recover.
- Don't assume "nothing looks broken" means you're fine - some malware (like infostealers) works silently.
- Don't keep working as normal on the affected device and hope it goes away.
How To Tell What You're Dealing With
Different threats need different responses. A few quick signs:
- Files locked or renamed, with a payment demand - likely ransomware. See our ransomware guide.
- Unexpected bank transactions or odd behavior on financial sites - possibly a banking trojan.
- Logins from unknown locations, password-reset emails you didn't request - possibly an infostealer.
- Floods of pop-up ads, redirected searches - likely adware or unwanted software.
You don't need to diagnose it perfectly - that's our job. These signs just help you describe what you're seeing when you call.
How SystemHelpDesk Helps
When you reach us, we move quickly and methodically: we help you contain the problem, work out what happened and how, safely remove the malicious software, recover your data from clean backups where possible, and secure your accounts. Then we help close the gap that let it in, so it doesn't happen again - keeping you informed in plain language the whole way.
Frequently Asked Questions
How quickly should I act if I think I've been hacked? Immediately. The first hour often determines how much can be contained and recovered. Disconnect from the network and call for help right away.
Should I turn the computer off? Generally no, unless instructed - powering down can wipe useful information. Disconnect from the network instead.
Can you help remotely, or do you need to be on-site? Most incidents we handle remotely. Where hands-on work is needed, we arrange it through vetted local partners.
What information should I have ready when I call? What you noticed, when it started, any on-screen messages, and what the affected device is used for. Don't worry if you're unsure - we'll guide you.
Authoritative Resources
- CISA - Report an incident: https://www.cisa.gov
- FBI / IC3 reporting: https://www.ic3.gov
Don't Wait - Get Help Now
If you suspect your business has been hacked or infected, every minute counts.
Call SystemHelpDesk at 855-783-7555 or visit www.systemhelpdesk.com for immediate incident response.