Ransomware Hit My Home Computer — What Do I Do Right Now?

If ransomware has encrypted your personal files and you are looking at a ransom demand on your screen, here is exactly what to do — step by step.

Step 1: Disconnect from the Internet Immediately

Unplug your ethernet cable and turn off WiFi. This stops the ransomware from spreading to other devices on your home network — phones, tablets, other computers — and stops it from communicating with the attackers' servers. Do this before anything else, even before calling for help.

Step 2: Do Not Pay the Ransom

Paying the ransom does not guarantee you will get your files back. Research consistently shows that approximately 30% of victims who pay do not receive working decryption keys. Paying also marks you as a viable, paying target and may result in further attacks. In Australia, making payments to criminal organisations may also have legal implications depending on the group involved — some ransomware operations are run by sanctioned entities.

Step 3: Check for Free Decryptors

Visit nomoreransom.org — a free service run by law enforcement agencies including the Australian Federal Police and Europol, in partnership with cybersecurity companies, that provides free decryption tools for many ransomware variants. Upload a sample encrypted file and the ransom note to identify the ransomware variant. If your variant is listed, you may be able to recover your files at no cost. This site is genuinely free and legitimate.

Step 4: Check Your Backups

If you have backups that were not connected to your computer when the attack occurred — an external hard drive that was not plugged in, or a cloud backup service that stores historical versions of your files — your data may be recoverable. Cloud services like Microsoft OneDrive, Google Drive, and Dropbox often store previous versions of files that can be restored even after ransomware has encrypted the current versions. Check the version history feature in your cloud storage.

Step 5: Report It

Report the attack to the Australian Cyber Security Centre at cyber.gov.au/report. Even if they cannot help recover your files, reporting helps authorities track ransomware campaigns and identify the groups responsible. If you paid a ransom, also report to the ACCC's Scamwatch.

Preventing the Next Attack

Once your device is recovered — either through restoration or clean reinstall — put protections in place before reconnecting. Set up automatic cloud backup with version history enabled. Install reputable endpoint security software. Keep your operating system and applications updated. And consider an external hard drive that you connect only for backups and disconnect immediately after. IntrusionX offers personal protection plans that include ransomware rollback capability — contact us to find out more.

Recovering Your Files Without Paying

Before considering any payment, exhaust all free recovery options. Check nomoreransom.org — it is updated regularly as law enforcement develops new decryption tools. Check your cloud storage for version history — OneDrive, Google Drive, and Dropbox all maintain previous versions of files that may predate the encryption. Check whether any external drives were not connected at the time of the attack. Consider engaging a professional data recovery service for critical files — they may have access to decryption tools or recovery techniques not publicly available.

Rebuilding Safely After an Attack

After recovering your files, do not simply restore to the same state — the vulnerability that allowed the attack still exists. Reinstall your operating system from scratch or use Windows' Reset this PC option to get a clean state. Update everything before reinstalling your applications. Install reputable security software before reconnecting to the internet. Change all passwords from a separate device before logging in to any accounts from the cleaned device. And immediately set up a cloud backup with version history so the next attack — if it ever occurs — results in no data loss at all. IntrusionX offers home security assessments and personal protection plans — contact us for support in getting properly protected after an incident.