What should you do immediately if you get a ransomeware popup?

  • 1
  • Question
  • Updated 1 year ago
  • Answered
What should we do if we get a virus warning or ransomware popup telling us we've been hacked? What should we do immediately?
Photo of wmaslen


  • 140 Points 100 badge 2x thumb

Posted 2 years ago

  • 1
Photo of TM_Voltaire


  • 1,080 Points 1k badge 2x thumb
Hi @wmaslen and welcome to the Community!

Thank you for the inquiry. This problem is quite popular these days as ransomware is on the rise. 

If you see a message  that shows your computer or account has been hacked, or even if you suspect  that your computer has been hacked somehow, you can perform these steps for initial actions to take.

For virus concerns. 

There are a many possible causes for the warning to appear. However if it pops up in your screen especially when you're accessing the internet, it is most probably a "Tech Support Scam". For more information about it, refer to this page.

To fix this concern, you can try doing these things first.

1. Disconnect from the internet temporarily. You can also do a quick restart. Then proceed to the next steps.

2. Check your accounts for possible duplicates or a new user accounts then delete them. Then you can reset all of your passwords. Make sure that you have changed them to a stronger one.

3. Check your installed apps on the computer and then remove everything that got installed recently before your pop-up appeared. 

Please note that In most cases, malicious apps go into your system by piggybacking with more known apps. This gives them additional hiding capabilities which can slip through protection. These programs are classified as grayware and are not removed unless they display obvious malicious actions.

4. Try resetting your browser as well as the malicious program might've infected your web browser. To clean your browser, kindly follow the link below.

Resetting your web browser for performance and website redirection issues

Normally, this should remove the pop up but if it doesn't, feel free to contact our support channel for us to check on it.

You may also reply to this post and provide us a screenshot using this guide.

For ransomware concerns.

1. Personally, I recommend quickly backing-up/copying your encrypted files if there're any, then putting them in a separate location. This will make sure that even if the culprit decides to delete your files, you still have  them as a copy. And you can ask help to decrypt them without worrying that they will be destroyed.

2. Some ransomware variants are not supported by our decryptor file yet so here is a link to our tool called "Ransomware File Decryptor Tool", the page also has a list of the supported ransomware types out there. Please also be reminded that this doesn't guarantee either if the tool can actually decrypt all the ransomwares in the system. If it doesn't work, you can just wait until the tool will be able to decrypt the ransomware on your computer if it is currently not supported. You can access the tool using the link below.

Downloading and Using the Trend Micro Ransomware File Decryptor

For more details about ransomware threats, you may refer to the following link

Ransomware: Introduction, Prevention and Trend Micro Security Solutions

Also, thank you for being a subscriber of our premium support service! Premium Service Plan gives you 24x7 priority access to a Trend Micro support specialist. You can optionally call the Premium Service hotline directly to speak to someone live, who is also equipped with advanced tools to quickly diagnose and resolve your issues. Please find the premium service phone number in the "Call Premium Support" section in this page.

Thank you and I hope this gives you some insight on these kinds of issue. Tell us if you have further inquiries. Have a great day!

Trend Micro Home Users Community
Photo of mrsjlaw1349


  • 60 Points
My Laptoop was compdromised and I'm sure of it
Photo of TM_Kiko


  • 10,502 Points 10k badge 2x thumb
Hello mrsjlaw1349 ! Thanks for the response.

May we know if there were files that got encrypted by the ransomware? Can you tell us more about the pop up that you have seen? Is it asking you to contact a specific number so you can settle any amount or decrypt the infected files?

We would like to hear more about this matter so we can identify the threat.

All the best,

Trend Micro Home Users Community

This conversation is no longer open for comments or replies.