11 of the most famous ransomware examples


Ransomware attacks are at an all-time high – and show no sign of letting up. According to the 2023 Ransomware Market Report, this type of cyberattack is expected to cost victims around $265 billion annually by 2031 – a sobering statistic that illustrates just how much of a problem this kind of malicious software is for the global economy.

It’s not just the financial impact of ransomware that can leave companies reeling. Suffering a security breach of any size can severely impact the reputation of the organisation in question, not to mention create unexpected downtime that can put a profit-damaging pause on their daily operations. And if details of the case get leaked into the public domain, it could take years, if not decades, for the affected business to gain back the trust of its customers and peers.

It’s difficult to quantify the effects of large-scale ransomware attacks. Further on in this article, we’ve ranked the top 11 biggest ransomware attacks of all time based on the financial hit these firms suffered and the devastating consequences they had to face during the clean-up phase. These examples are listed in no particular order – in many ways, they’re equally as shocking and as fascinating as each other!

First, though, let’s put ransomware into context by discussing how it can be rolled out into your devices or networks to begin with, and what you should do if you suspect your system is under attack.   

What is ransomware, and how does it work?

Ransomware is a type of malicious software (aka malware) that encrypts a victim’s data or locks them out of their system, rendering their files – or in some cases their entire network – totally inaccessible.

Once it has made its way inside a system, ransomware often spreads across the network, encrypting data on multiple devices. This encryption is typically very strong, making it nearly impossible to decrypt the files without the attacker’s private key.

Once the system has been fully encrypted, the ransomware displays a message demanding payment to decrypt the files. This message often includes a deadline for payment and threatens to permanently delete the data or increase the ransom if payment isn’t made within the specified time.

If the victim pays the ransom (though this is not recommended, for reasons we’ll discuss later), they might receive a decryption key. However, there’s no guarantee that the attacker will provide the key, or that it will work as promised.

Typically, the ransom is requested in cryptocurrency, which makes the transaction harder to trace and the perpetrator more difficult to track down. And in some cases, there’s no resolution. The attacker doesn’t always follow through on their promise to restore the system once they have been compensated, leaving the business or individual out of pocket and still unable to access their personal or sensitive data.

How can ransomware be used to infect a system?

Though there are many routes that cybercriminals can take to execute a successful attack, ransomware is generally deployed through:

Phishing emails

Many people are accustomed to opening emails and attachments without verifying their authenticity first, which means attackers can easily deliver ransomware by sending a message with malicious files included or a link to an app that will download the malware onto the recipient’s device.

The emails will appear to be from a legitimate source, but if you look a little closer, there will usually be some subtle errors that will give the game away. Unfortunately, many of us haven’t got time to scrutinize every last letter, leaving cybercriminals to routinely take advantage of just how busy we are.

Malicious downloads

Ransomware can be embedded in software, applications, or files that are available on the internet. When users download and install these programs or files, the ransomware is also installed on their systems.

It’s an effective means of getting people to unknowingly infect their devices, because it’s easy to accidentally download software from unofficial sources or click on advertisements that lead to malicious sites.

Vulnerabilities in outdated software

Many individuals and organizations delay or neglect updating software, leaving known vulnerabilities open for exploitation. Not having the latest patches and updates installed could cost them access to their entire network.

Remote Desktop Protocol (RDP)

Sadly, RDP has become a well-known ransomware gateway. Attackers can impersonate colleagues or IT support workers before being given the opportunity to implant the ransomware directly onto company computers.

What happens next?

Once they’ve realized they have been targeted with a ransomware attack, victims usually have the following options:

Disconnect the computer from the network

Isolating the device will stop the ransomware from scanning the network for vulnerabilities and infiltrating the wider system. Don’t reboot your computer, as this could delete any copies of the malware’s encryption keys that have been stored in the memory. If a machine only ends up being partially encrypted – because, for example, the process has been blocked by something like a permission issue – the last thing you want to do is restart it and get it to finish the job!

Pay the ransom

Though it might be tempting to fix the situation quickly with a lump sum payment, cybersecurity experts and law enforcement agencies agree that you should avoid paying the ransom request at all costs.

First of all, as we’ve already mentioned, there’s no guarantee that your attackers will provide the decryption key; they could simply take your money and move on. By paying up, you’re giving these cybercriminals the funds they need to continue and expand upon their operations, so from a moral standpoint, you’re feeding the problem. You’re also establishing yourself as a ‘good’ payer, so you’re more likely to be targeted again in the future.

Remove the malware

A great idea in principle – but something that can be difficult to execute. Some websites do offer decryption tools for certain strains of ransomware, and sometimes it’s possible to use a reputable anti-malware or antivirus software to scan and remove the offending file or code. In other cases, you will need to manually delete malicious files or entries from the registry, but this can be complex and risky.

What are the top 11 ransomware attacks of all time?

In no particular order, the team here at SUPERAntiSpyware rates the below ransomware attacks as the most devastating of all time:

  • NotPetya (2017 – Financial Loss: approx. $10 billion)
  • WannaCry (2017 – Financial Loss: approx. $4 billion)
  • GandCrab (2018 – Financial Loss: approx. $2 billion)
  • Locky (2016 – Financial Loss: approx. $1 billion)
  • Costa Rican Government (2022 – Financial Loss: approx. $30 million/day)
  • Ryuk (2018 – Financial Loss: approx. $150 million)
  • REvil/Sodinokibi (2019 – Financial Loss: approx. $70 million)
  • SamSam (2016 – Financial Loss: approx. $6 million)
  • Colonial Pipeline (2021 – Financial Loss: approx. $4.4 million)
  • CryptoLocker (2013 – Financial Loss: approx. $3 million)
  • AIDS Trojan (1989 – Financial Loss: approx. $189-$378 per victim)

Let’s dive into each of them in more detail.

AIDS Trojan

Year: 1989

Type: Encryption ransomware (floppy disk delivery)

Attacker: Dr Joseph Popp

Target: Attendees of the World Health Organization’s AIDS conference

Losses: $189-$378 ransom per victim; limited economic impact

Current Status: Historic, not active

Otherwise known as the PC Cyborg, the AIDS Trojan was the first recorded ransomware attack.

Back in the late 80s, it wouldn’t have been possible to spread malware codes via the internet – so the perpetrators used floppy disks to target the subscriber list of a World Health Organization AIDS conference instead. By accessing the floppy disk, victims were unknowingly releasing malware onto their computers.

The ransom itself wasn’t a significant sum; the attacker only asked for between $189 and $378 to release the encrypted files. But the case proved what was possible and likely inspired many would-be cybercriminals to try their luck.

CryptoLocker

Year: 2013-2014

Type: Encryption ransomware

Attacker: Evgeniy Mikhailovich Bogachev

Target: Various Windows users

Losses: Approximately $3 million in ransom payments

Current Status: Neutralized in May 2014 (Operation Tovar)

An excellent example of ransomware that works Trojan-style via malicious email attachments, CryptoLocker code affected hundreds of thousands of Windows customers when it was first released in September 2013.

Once the infected document or ZIP file had been opened, CryptoLocker installed itself on the user’s computer – and quickly searched any connected network drives for a wide range of file types (documents, images, etc.). It then encrypted these files using strong RSA and AES encryption algorithms.

CryptoLocker displayed a ransom note on the victim’s screen demanding payment in Bitcoin or other forms of cryptocurrency in exchange for the private decryption key, which was stored on a remote server controlled by the attackers. The ransom amount was typically between $100 and $300 (though it varied), and victims were given a limited amount of time – usually 72 hours – to pay.

In June 2014, an international law enforcement operation known as “Operation Tovar” targeted the Gameover ZeuS botnet, which was responsible for spreading CryptoLocker. The operation successfully took down the infrastructure behind both the botnet and CryptoLocker. As a result of the takedown, CryptoLocker’s servers were seized, making it impossible for the ransomware to communicate with its control servers and neutralizing the threat.

Colonial Pipeline

Year: 2021

Type: DarkSide RaaS (Ransomware as a Service)

Attacker: DarkSide

Target: Colonial Pipeline (US fuel pipeline)

Losses: $4.4 million paid, $2.3 million recovered

Current Status: DarkSide infrastructure reportedly shut down

Large ransomware attacks don’t just affect companies – they can impact the lives of everyday Americans.

The Colonial Pipeline ransomware attack was a high-profile cybersecurity incident that took place in May 2021. It targeted Colonial Pipeline, one of the largest fuel pipeline operators in the United States, which supplies nearly half of the East Coast’s fuel, including gasoline, diesel, jet fuel, and heating oil. The attack had wide-reaching consequences, impacting fuel supply and prices across several states.

How was this allowed to happen? Well, investigators eventually determined that attackers gained access to Colonial Pipeline’s IT systems through a compromised password. It was later revealed that this password was linked to an inactive VPN account that did not use multi-factor authentication (MFA), making it easier for the attackers to infiltrate the system.

Once inside the network, the DarkSide group deployed ransomware that encrypted Colonial Pipeline’s data, rendering it inaccessible to the company. The ransomware affected the company’s business networks, not the operational technology (OT) systems directly responsible for pipeline operations – but the firm decided to shut down its entire pipeline system, putting a stop to fuel distribution along the East Coast and causing chaos at gas stations in the region.

Against standard advice, Colonial Pipeline decided to pay the ransom of $4.4 million to the malware’s creators, DarkSide, to regain access to their systems and restore operations.
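The condition investigators described, an inactive VPN account with no MFA, is something an account export can be audited for. The following is an added example, not part of the original article; the CSV column names, account names, and 90-day inactivity threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of an identity/VPN account export. The column names are
# assumptions for this example, not a real product's export format.
SAMPLE_EXPORT = """\
username,enabled,vpn_access,mfa_enrolled,last_login
alice,true,true,true,2024-05-28T09:12:00+00:00
old-contractor,true,true,false,2023-11-02T17:40:00+00:00
svc-backup,true,false,false,2024-05-30T01:00:00+00:00
bob,true,true,false,2024-05-29T08:03:00+00:00
carol,false,true,false,2022-01-15T10:00:00+00:00
dave,true,true,true,
"""

# Fixed "today" so the example gives the same result whenever it is run.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _flag(value):
    """Interpret a CSV cell as a boolean."""
    return value.strip().lower() in ("true", "1", "yes")


def audit_vpn_accounts(export_text, now=NOW, max_idle_days=90):
    """Return findings for enabled accounts that can still reach the VPN.

    An account is reported when it has no MFA, when it has been idle longer
    than max_idle_days (or has never logged in), or both. Both together is
    the combination described in the Colonial Pipeline case and is rated
    critical.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Disabled accounts and accounts without VPN rights cannot log in remotely.
        if not (_flag(row["enabled"]) and _flag(row["vpn_access"])):
            continue

        no_mfa = not _flag(row["mfa_enrolled"])
        last_login = (row["last_login"] or "").strip()
        if last_login:
            idle_days = (now - datetime.fromisoformat(last_login)).days
            stale = idle_days > max_idle_days
        else:
            # Provisioned but never used: treat as stale.
            idle_days = None
            stale = True

        if not (no_mfa or stale):
            continue
        findings.append({
            "username": row["username"],
            "no_mfa": no_mfa,
            "stale": stale,
            "idle_days": idle_days,
            "severity": "critical" if (no_mfa and stale) else "warning",
        })
    return findings


if __name__ == "__main__":
    for f in audit_vpn_accounts(SAMPLE_EXPORT):
        print(f"{f['severity']:8} {f['username']:15} "
              f"no_mfa={f['no_mfa']} stale={f['stale']} idle_days={f['idle_days']}")
```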

SamSam

Year: 2016-2018

Type: Manual deployment

Attacker: BOSS SPIDER Group

Target: Over 200 victims, including municipalities and hospitals

Losses: Over $6 million in ransom payments

Current Status: Historic, not active

Unlike typical ransomware that spreads through phishing emails or malicious downloads, SamSam attacks were carefully planned. The attackers typically gained initial access to their targeted networks by exploiting vulnerabilities in remote desktop protocol (RDP) services or Java-based web servers, or by stealing credentials. Once inside the network, the attackers manually moved laterally across the systems, identifying key servers and systems to target.

The ransomware encrypted important files and databases. The attackers often timed the deployment during off-hours to avoid immediate detection and ensure widespread encryption before the organization could respond.

The ransom amount varied, but it was typically in the range of tens of thousands of dollars, with some demands reaching hundreds of thousands (payable in Bitcoin). Cheekily, the attackers often offered a discount for quick payment or additional fees if the payment was delayed.

SamSam was responsible for the notorious 2018 ransomware attack on the City of Atlanta, which crippled several city services, including the court system, law enforcement, and public records. The attackers demanded a ransom of approximately $51,000 in Bitcoin. The city refused to pay, resulting in significant recovery costs that have been estimated to exceed $2.6 million.

REvil/Sodinokibi

Year: 2019 – 2021

Type: RaaS (Ransomware as a Service)

Attacker: REvil Group

Target: Various, including Kaseya, JBS

Losses: Demanded $70 million for universal decryption

Current Status: Group’s infrastructure disrupted in 2021

This ransomware caused big problems for organizations in the finance, healthcare, legal, IT, and critical infrastructure sectors, among others.

Interestingly, REvil operated as a RaaS, meaning that the creators of the ransomware provided the software to “affiliates” who would carry out the attacks. The affiliates would receive a share of the ransom payments, typically around 60-70%, while the remaining percentage would go to the REvil developers. This model enabled REvil to scale rapidly.

And, as well as deploying encryption, REvil became known for exfiltrating data before encryption. This gave them additional leverage, as they could threaten to publicly leak the stolen data if the ransom was not paid. In fact, REvil helped to set the trend for combining data encryption with data theft.

REvil caused widespread destruction across many industries and was responsible for shutdowns and significant loss of revenue for companies such as Travelex, JBS Foods, Kaseya VSA, and the New York based law firm Grubman Shire Meiselas & Sacks. Bitcoin/Monero payment demands were huge, reaching as high as $70 million.

Ryuk

Year: 2018-present

Type: Encryption ransomware

Attacker: WIZARD SPIDER Group

Target: Various, mostly large organizations

Losses: Estimated over $150 million

Current Status: Still active

Like REvil and SamSam, Ryuk affected – and continues to affect – larger organizations and government departments.

Ryuk attacks often start with a phishing email or an infection through other malware, such as TrickBot or Emotet, which establish a foothold in the network. Once inside the system, attackers move across the network to gain access to more data, often compromising administrative accounts to maximize the damage. Ryuk then encrypts files on the compromised systems with their famous “.ryk” extension.

Ryuk targets a wide range of file types, including databases, backups, and documents critical to business operations. Then, as is standard practice, a ransom note is left on the affected systems, demanding payment in Bitcoin.

Several US cities, including Baltimore and New Orleans, have been targeted by Ryuk, causing significant disruptions to city services. This ransomware – which is thought to be operated by a group called Wizard Spider – has been particularly damaging to healthcare institutions, where the encryption of patient records and other vital systems can have life-threatening consequences.

Costa Rican Government

Year: 2022

Type: Encryption ransomware

Attacker: Conti gang

Target: Costa Rican government institutions

Losses: Estimated $30 million/day

Current Status: Group’s infrastructure disrupted

Several years ago, the Russia-based Conti ransomware group launched a coordinated attack on the Costa Rican government, bringing its operations across its Ministry of Finance and its Ministry of Labor and Social Security to a halt.

Critical tax collection, customs processing and payment services were inaccessible, so officials were desperate to resolve the situation. Conti initially demanded a $10 million ransom, which was later increased to $20 million as the group intensified its threats. They also began leaking sensitive data from the compromised systems when the ransom was not paid.

In response to the scale and impact of the attack, Costa Rican President Carlos Alvarado declared a national emergency on May 8, 2022. Other countries took note, aware for perhaps the first time of the scale of destruction ransomware can leave in its wake.

Locky

Year: 2016-2018

Type: Encryption ransomware (phishing emails)

Attacker: Possibly Dridex hackers (Evil Corp or TA505)

Target: Various, predominantly healthcare providers

Losses: Estimated $1 billion

Current Status: Historic, not active

Locky ransomware first came onto the scene in February 2016. It was initially distributed through large-scale phishing email campaigns, with these emails containing malicious attachments that were disguised as invoices or other seemingly ‘official’ documents. When opened, the attachment would execute a macro that downloaded and installed the Locky ransomware on the victim’s system, and from there, the malware would begin encrypting all kinds of file types with its trademark ‘.locky’ extension.

Locky quickly became one of the most widespread ransomware threats, affecting individuals, businesses, and organizations around the world. It caused significant disruptions to businesses but also notably the healthcare sector.

Over time, several variants of Locky were released, each with different encryption methods or file extensions, making detecting and defending against the ransomware more challenging. However, it has since faded from use, having been replaced by more sophisticated strains.
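The ‘.ryk’ and ‘.locky’ extensions mentioned in the Ryuk and Locky sections can be matched in file-activity logs, but as noted above, variants changed extension, so a fixed list alone is easy to miss. The following added example (not part of the original article) pairs the known-extension match with a more general rule that flags one process changing many file extensions in a short window; the log format, host and process names, and thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

KNOWN_EXTENSIONS = {".ryk", ".locky"}  # the two extensions named in the article

# Constructed sample of file-rename telemetry; the line format is an assumption.
SAMPLE_LOG = r"""
2024-06-01T02:14:01Z host=SRV-FILE01 pid=4312 image=svch0st.exe op=rename src="D:\share\budget.xlsx" dst="D:\share\budget.xlsx.ryk"
2024-06-01T02:14:02Z host=SRV-FILE01 pid=4312 image=svch0st.exe op=rename src="D:\share\payroll.db" dst="D:\share\payroll.db.ryk"
2024-06-01T03:40:15Z host=FIN-WS07 pid=5120 image=wscript.exe op=rename src="C:\docs\q1.xlsx" dst="C:\docs\q1.xlsx.locky"
2024-06-01T09:03:10Z host=HR-WS02 pid=2200 image=explorer.exe op=rename src="C:\docs\report.docx" dst="C:\docs\report-final.docx"
2024-06-01T09:05:44Z host=HR-WS02 pid=3010 image=winword.exe op=rename src="C:\docs\~wr01.tmp" dst="C:\docs\notes.docx"
2024-06-01T11:30:00Z host=HR-WS02 pid=880 image=updater.exe op=rename src="C:\docs\a.pdf" dst="C:\docs\a.pdf.zq9"
2024-06-01T11:30:01Z host=HR-WS02 pid=880 image=updater.exe op=rename src="C:\docs\b.docx" dst="C:\docs\b.docx.zq9"
2024-06-01T11:30:01Z host=HR-WS02 pid=880 image=updater.exe op=rename src="C:\docs\c.xlsx" dst="C:\docs\c.xlsx.zq9"
2024-06-01T11:30:02Z host=HR-WS02 pid=880 image=updater.exe op=rename src="C:\docs\d.jpg" dst="C:\docs\d.jpg.zq9"
2024-06-01T11:30:03Z host=HR-WS02 pid=880 image=updater.exe op=rename src="C:\docs\e.txt" dst="C:\docs\e.txt.zq9"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) '
    r'op=rename src="(?P<src>[^"]*)" dst="(?P<dst>[^"]*)"$'
)


def parse_events(log_text):
    """Yield one dict per rename line; lines in any other format are skipped."""
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
            "pid": int(m["pid"]),
            "image": m["image"],
            "src_ext": PureWindowsPath(m["src"]).suffix.lower(),
            "dst_ext": PureWindowsPath(m["dst"]).suffix.lower(),
        }


def detect(log_text, burst_count=5, burst_window=timedelta(seconds=10)):
    """Return alerts for known ransomware extensions and for rename bursts."""
    alerts = []
    seen_known = set()
    changed = defaultdict(list)  # (host, pid, image) -> extension-changing renames

    for ev in parse_events(log_text):
        key = (ev["host"], ev["pid"], ev["image"])
        # Rule 1: destination carries an extension from the known list.
        # One alert per process and extension, not one per file.
        if ev["dst_ext"] in KNOWN_EXTENSIONS and (key, ev["dst_ext"]) not in seen_known:
            seen_known.add((key, ev["dst_ext"]))
            alerts.append({"rule": "known-extension", "host": ev["host"],
                           "pid": ev["pid"], "image": ev["image"],
                           "detail": ev["dst_ext"]})
        # Renames that keep the extension (report.docx -> report-final.docx)
        # are normal user activity and are not counted toward a burst.
        if ev["dst_ext"] != ev["src_ext"]:
            changed[key].append(ev)

    # Rule 2: sliding window over each process's extension-changing renames.
    for (host, pid, image), evs in changed.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > burst_window:
                start += 1
            if end - start + 1 >= burst_count:
                alerts.append({"rule": "rename-burst", "host": host, "pid": pid,
                               "image": image,
                               "detail": f"{end - start + 1} renames to {evs[end]['dst_ext']}"})
                break  # one burst alert per process is enough
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```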

GandCrab

Year: 2018-2019

Type: RaaS (Ransomware as a Service)

Attacker: PINCHY SPIDER Group

Target: Various, including businesses and individuals

Losses: Estimated $2 billion extorted

Current Status: Group claimed to have retired in 2019

Emerging in 2018, GandCrab ransomware was one of the most prolific types of ransomware before it eventually entered retirement just over a year later in 2019.

Like REvil, GandCrab was offered as a Ransomware-as-a-Service (RaaS) on darknet forums, meaning that the developers of GandCrab allowed other cybercriminals to distribute the ransomware in exchange for a share of the ransom payments.

As well as being distributed via – you guessed it! – phishing emails, GandCrab was distributed via exploit kits such as RIG and GrandSoft, which would infect vulnerable systems when users visited compromised or malicious websites. GandCrab operators also exploited weak or exposed RDP connections to gain access to networks and deploy the ransomware. From smaller outfits to larger enterprises, GandCrab didn’t discriminate when it came to the kinds of businesses it targeted.

Experts estimate that GandCrab operators earned over $2 billion in ransom payments over its operational period, making it one of the most profitable ransomware families in history.

WannaCry

Year: 2017

Type: Encryption ransomware (cryptoworm)

Attacker: Believed to be the Lazarus Group (linked to North Korea)

Target: Global (various organizations including the UK’s NHS)

Losses: Estimated $4 billion

Current Status: Attack mitigated with patches, but remnants may still exist

Previous ransomware is good at infecting devices one by one. WannaCry, on the other hand, is what’s known as a cryptoworm: it spreads primarily through networks.

WannaCry was a global campaign that targeted computers running the Microsoft Windows operating system, specifically those that hadn’t yet been updated with Microsoft’s latest security patches and were still vulnerable to a flaw in the Server Message Block (SMB) protocol known as EternalBlue. It’s thought to originate from a state-sponsored hacking group in North Korea.

WannaCry’s ransom note, which was handily displayed in multiple languages, gave victims a deadline of a few days to pay, after which the ransom would double. If the ransom was not paid within a week, the files would be permanently lost.

After infecting more than 230,000 computers in 150 countries and impacting huge organizations such as FedEx, Telefonica, Renault and the UK’s National Health Service, WannaCry’s rapid takeover was eventually slowed by a cybersecurity researcher who discovered a kill switch within the code. This wasn’t before WannaCry had caused billions of dollars’ worth of losses for its victims, along with, of course, mass loss of productivity and service.

NotPetya

Year: 2017

Type: Wiper disguised as ransomware

Attacker: Believed to be Russian-sponsored threat attackers

Target: Global, significant impact on Maersk and Merck

Losses: Estimated $10 billion

Current Status: Historic, not active

NotPetya has made the list because it was one of the most far-reaching attacks of its nature in recent history. But what makes it different from the rest is that it was essentially a wiper, i.e. a type of malware that’s designed not only to encrypt data, but to delete it.

NotPetya also exploited the EternalBlue vulnerability and worked to encrypt the master boot record (MBR) to cause critical damage to its affected systems and render data completely unrecoverable. It also used tools like Mimikatz to harvest credentials.

Although Ukraine was the primary target, because NotPetya originally spread due to a compromised update to the Ukrainian accounting platform MeDoc, the attack quickly spread to other countries and affected multinational corporations. Major companies hit included Maersk, Merck, FedEx’s TNT Express, and WPP, among others. There’s evidence to suggest that NotPetya was a politically motivated campaign run by hackers that were linked to Russia’s military intelligence agency.

NotPetya proved just how vulnerable critical infrastructure and global supply chains can be to complex and widespread cyber threats. It led many organizations to reassess and strengthen their cybersecurity measures.

As you can see from these ransomware examples, ransomware can strike at any time, and impact any business. New strains and types are emerging all the time, which is why it’s so crucial to make sure your computers and networks are protected against past and current threats.

SUPERAntiSpyware works around the clock to block ransomware attacks and keep your PCs free from malicious software. See how our Professional X Edition can mitigate risk in this area and form the foundations of your cybersecurity strategy. 

What is Blue Screen of Death (BSOD) and How to Fix It


We’ve all felt our stomachs drop in dread as soon as our computer screen turns that all-too-familiar shade of blue.

But what is the formidable Blue Screen of Death (usually abbreviated to BSOD) on Windows devices, why does it happen, and how can we fix it?

What does the Blue Screen of Death (BSOD) mean?   

The “Blue Screen of Death” (BSOD) is the famous error screen that is displayed by a Microsoft Windows operating system when it encounters a critical error from which it cannot recover. It’s not an application crash – it’s a full system failure.

Sometimes you’ll find the Blue Screen of Death referred to as a stop error screen, blue error screen, fatal error, or bugcheck.

When the BSOD appears, it means the error is so severe that the operating system needs to be recovered. At this point, the computer will come to a complete halt and will be useless until it is rebooted.

When was the BSOD first introduced?

The first Blue Screen of Death (BSOD) actually appeared in Windows 1.0, which was released in November 1985. However, the BSOD as it is commonly recognized today became more prominent with the release of Windows 3.0 in 1990.

Windows 3.0 was the first version where the BSOD was used as a mechanism to handle critical system errors, specifically those related to memory management and other severe system failures. It was a preventative measure that was designed to protect the computer against critical hardware failure. The Windows 3.0 version of the BSOD was a text-based screen that provided technical information about the error that users or technicians could use to diagnose the problem.

The BSOD became more widely known and infamous with later versions of Windows, particularly Windows 95 and Windows 98, where it became a regular occurrence for many users. The term “Blue Screen of Death” itself became popular around this time, reflecting the disruption these errors caused.

The messaging and overall aesthetic of the BSOD has become softer and friendlier over the years, and from Windows 10 onwards, users have been provided with certain ‘stop codes’ and/or QR codes that can provide more information on the error with a simple lookup in Windows Support. But it has always meant the same thing: it’s time to restart!

BSODs are particularly frustrating because they usually crop up without any warning whatsoever. You’re unlikely to see them coming – but they will almost certainly bring whatever you were working on to a hard stop!

What causes the Blue Screen of Death?

There are several issues with the computer’s software or hardware that can trigger the Blue Screen of Death. Let’s look into these in some more detail.

Hardware failures          

A physical problem with your Windows device could prompt it to stop running safely.

Faulty memory (RAM): Broken, corrupt or insufficient RAM modules can cause system instability, resulting in the system ceasing to function until it can correct these issues.

Failing hard drive or SSD: Bad sectors or other issues with storage devices can cause data corruption and trigger a BSOD.

Disk error: If the file system becomes corrupted, it can cause data access issues that lead to a BSOD. Physical damage or wear on a hard drive can result in bad sectors, causing the system to crash when trying to read or write to these areas.

CPU processor error: Overclocking the CPU – i.e., increasing the speed at which your hardware components work to perform their calculations – might increase performance temporarily, but can lead to a BSOD if the system can’t cope with these new demands.

Power supply issues: If the power supply unit (PSU) is failing or unable to provide sufficient power to the components, the system might not be able to start up properly.

Overheating: If the CPU, GPU, or other components overheat, the system may shut down to prevent damage, resulting in a BSOD.

Graphics processing unit (GPU) malfunctions: The problem could be associated with the graphics card; perhaps the driver is out of date, hasn’t been updated correctly, or is incompatible with the system. Overclocked GPUs can also lead you straight to the blue screen scenario.

Hardware usage exceeding limits: Installing new hardware that is incompatible with the system, has been improperly installed, or is just not able to cope with what’s required from the device might trigger a BSOD.

Motherboard BIOS bugs: Running outdated firmware on the motherboard can cause compatibility issues with hardware or operating system updates. Similarly, incorrect BIOS/UEFI settings (for example, incorrect memory timings or voltage settings) might also be to blame.

Defective fans: Make sure the system is free from dust, adequately ventilated and can cool itself without any problems, otherwise a BSOD could be just around the corner.

Software conflicts

These are common causes of Blue Screens of Death, particularly when it comes to:

Incompatible software: Programs that are not compatible with the operating system can cause conflicts. If you find that BSODs keep taking place after new software has been installed, undo the change to see if this stops them from happening.

Malware or viruses: Malicious software can corrupt system files or interfere with critical processes, and both of these issues can overwhelm the OS, resulting in a complete shutdown.

Bugs in the operating system kernel: These can lead to vulnerabilities or corrupted file systems, resulting in a kernel panic that prompts the BSOD.

Conflicting third-party software updates: Security software or firewalls can cause conflicts with the operating system, and any software that modifies system settings or registry entries can contribute to BSODs, too.  

Incompatible drivers: Drivers need to be up to date with the computer’s version of Windows. You also need to stay on top of patches and updates to the operating system if you want to avoid the BSOD.

Corrupted system files: Files that have been affected by improper shutdowns or failed updates can lead to a BSOD.

Common BSOD Windows stop codes

Blue Screen of Death stop codes, also known as bug check codes or stop error codes, are hexadecimal codes that indicate the specific error that caused the system to crash.

Each stop code corresponds to a particular issue, such as hardware failures, driver problems, or system file corruption. Understanding these codes can help diagnose and fix the underlying problem.

There are 270 stop codes in total, and most of them are extremely rare. Here’s a quick introduction to the ten codes that Windows users encounter the most:

KMODE_EXCEPTION_NOT_HANDLED

This stop code indicates that a kernel-mode program generated an exception that the error handler didn’t catch. Check faulty drivers, incompatible hardware, or issues with system services.

NTFS_FILE_SYSTEM

This relates to the NTFS file system and usually indicates a problem with the hard drive or SSD, which could be caused by corruption, bad sectors, or issues with disk controllers.

DATA_BUS_ERROR

This is down to a fault with the system’s data bus. The most common cause of a DATA_BUS_ERROR (but not the only one!) is defective RAM. If the memory modules have physical defects or are not functioning correctly, they may cause data corruption.

IRQL_NOT_LESS_OR_EQUAL

This error usually occurs when a kernel-mode driver, system service, or hardware device tries to access memory with inadequate permissions. Faulty drivers, incompatible hardware, or corrupted system files are usually the culprits.

PAGE_FAULT_IN_NONPAGED_AREA

This code appears when the system attempts to access a page of memory that is not present due to faulty RAM, driver issues, or corrupt system files.

CRITICAL_PROCESS_DIED

As its name suggests, this error occurs when a critical system process fails, causing the system to crash and display a blue screen.

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

This stop code means that a system thread generated an exception that the error handler didn’t catch, usually because of incompatible or faulty drivers, hardware issues, or system service errors.

VIDEO_TDR_TIMEOUT_DETECTED

This occurs when the graphics driver fails to respond within a specified time, causing Windows to reset the graphics card to recover from the unresponsive state. It’s most frequently caused by driver issues, hardware failures, or an overworked GPU.

SYSTEM_SERVICE_EXCEPTION

This error indicates that an exception occurred while executing a system service routine. Turn your attention to any corrupted system files, driver conflicts, or hardware issues that might be the root of the problem.

DPC_WATCHDOG_VIOLATION

In this instance, the Windows DPC (Deferred Procedure Call) watchdog detects a prolonged or stuck DPC routine. It’s often caused by incompatible drivers, SSD firmware issues, or hardware conflicts, particularly those related to storage devices.
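After a stop error, Windows records the code in the System event log, so recurring crashes can be identified even when nobody wrote the code down. The following is an added example, not part of the original article: it parses bugcheck messages and names the ten codes listed above. The hexadecimal values come from Microsoft's bug check code reference rather than from this page, the `timestamp|message` export layout is an assumption, and the sample lines are constructed in the wording Windows uses for this event.

```python
import re
from collections import Counter

# Hexadecimal bug check values for the ten stop codes described above.
STOP_CODES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x0000001E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x00000024: "NTFS_FILE_SYSTEM",
    0x0000002E: "DATA_BUS_ERROR",
    0x0000003B: "SYSTEM_SERVICE_EXCEPTION",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x0000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x000000EF: "CRITICAL_PROCESS_DIED",
    0x00000117: "VIDEO_TDR_TIMEOUT_DETECTED",
    0x00000133: "DPC_WATCHDOG_VIOLATION",
}

# Constructed sample export: one "timestamp|message" line per System log entry.
SAMPLE_EVENTS = r"""
2024-05-02 08:14:11|The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0xfffff80212345678, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP.
2024-05-02 08:15:40|The previous system shutdown at 08:12:55 on 02/05/2024 was unexpected.
2024-05-09 17:31:02|The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80212340000, 0xffffd00012345678, 0xffffd00012345000). A dump was saved in: C:\Windows\MEMORY.DMP.
2024-05-16 08:20:45|The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000501, 0x0000000000000500, 0xfffff80212345678). A dump was saved in: C:\Windows\MEMORY.DMP.
2024-05-20 12:02:19|The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xffffc00012345678, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP.
"""

BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")


def parse_bugchecks(text):
    """Extract the stop code and its four parameters from each bugcheck line."""
    results = []
    for line in text.strip().splitlines():
        when, _, message = line.partition("|")
        m = BUGCHECK_RE.search(message)
        if not m:
            continue  # some other System log entry
        code = int(m.group(1), 16)
        params = [int(p.strip(), 16) for p in m.group(2).split(",")]
        results.append({
            "when": when,
            "code": code,
            # Codes outside the ten covered here are reported as UNKNOWN.
            "name": STOP_CODES.get(code, "UNKNOWN"),
            "params": params,
        })
    return results


def recurring(bugchecks, min_count=2):
    """Return {stop code name: count} for codes seen at least min_count times."""
    counts = Counter(b["name"] for b in bugchecks)
    return {name: n for name, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    crashes = parse_bugchecks(SAMPLE_EVENTS)
    for c in crashes:
        print(f"{c['when']}  0x{c['code']:08X}  {c['name']}")
    print("Recurring:", recurring(crashes))
```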

How to fix the Blue Screen of Death

Getting a Blue Screen of Death isn’t great news for your device, particularly if your BSODs are happening on a regular basis – but it’s not always the end of the world.

Follow the 10 steps below to uncover the problem and get your system functioning correctly again. (Make sure you write down the stop code, too, as this could help you reach a diagnosis faster.)

  1. Restart your computer

A simple restart can sometimes resolve temporary issues. Hold down the power button and wait for your device to reboot.

  2. Boot into Safe Mode

Restart the computer and press F8 (or Shift + F8) during the boot process to access the Advanced Boot Options.

From there, select “Safe Mode.” This will start Windows with minimal drivers and can help you diagnose if the issue is driver- or software-related.

  3. Update drivers

In Safe Mode, open “Device Manager” (Win + X > “Device Manager”).

Look for any devices with a yellow triangle – which indicates an issue – and update those drivers by right-clicking and selecting “Update driver.” This should resolve any conflicts with outdated or incompatible drivers.

  4. Run a Windows update

Go to Settings > Update & Security > Windows Update and click “Check for updates.”

Installing the latest updates at regular intervals can fix known bugs and compatibility issues, and help to keep BSODs to a minimum.

  5. Check for malware

Malware can corrupt system files. Run a full system scan using your preferred trusted antivirus program to see if there are any unwanted files that could be wreaking havoc.

  6. Run System File Checker (SFC)

This tool checks for and repairs corrupted system files.

Go to Troubleshoot, then Advanced Options, then select Command Prompt from the list. Alternatively, open Command Prompt as an administrator (Win + X > “Command Prompt (Admin)”).

Type sfc /scannow and press Enter.

  7. Check the hard drive for errors

This simple job could have a huge impact on the smooth running of your system.

In Command Prompt, type chkdsk /f /r and press Enter. You may need to restart the computer.

  8. Undo Recent Changes

If the BSOD started after installing new software or hardware, uninstall the source of the issue by heading over to Control Panel > Programs and Features. You may need to wait until a newer version of the program or driver is available before it functions correctly.

  9. Use System Restore

Go to Control Panel > Recovery > Open System Restore and choose a restore point before the BSOD started. This might help to identify where the issue began.

  10. Reset or Reinstall Windows

If all else fails and you’re still experiencing persistent issues, go to Settings > Update & Security > Recovery > “Reset this PC,” and choose to keep or remove your files.

If you’ve actioned all the above advice and you’re still getting BSODs, chances are you’re facing a hardware failure, and you’ll need to speak to a professional technician for further guidance.

Does a Blue Screen of Death mean your computer has a virus?

Experiencing a BSOD doesn’t necessarily mean the computer has picked up a virus, but it’s always worth running a scanner to see if any malicious programs can be removed.

SUPERAntiSpyware’s Professional X Edition is a powerful tool that can detect and remove more than a billion malicious threats to your system. From malware and spyware to trojans, worms, ransomware, parasites, keyloggers and more, our software will seek out any and all of the intrusive files that might be contributing to Blue Screen of Death errors and get rid of them for good.

Professional X Edition can also fix the parts of the OS, registry, and task manager that were previously damaged by malware, saving you the hassle of correcting these issues one by one.

How to change how Windows manages Blue Screen of Death

You can adjust your Windows settings to control how the operating system responds to critical errors, and how much information Windows provides you on what went wrong.

  • Adjust recovery settings

Find the System Properties setting in the Advanced System Settings window.

Under the Advanced tab, find the section labeled Startup and Recovery and click Settings.

Look under the System failure section.

Uncheck Automatically restart if you want Windows to stop restarting automatically after a BSOD. This allows you to see the error message on the BSOD.

  • Change system failure options

Changing the system failure options will allow you to control how much information is saved following a BSOD.

From the drop-down menu labeled Write debugging information, you can choose what kind of memory dump Windows should create when it encounters a BSOD:

  • Small memory dump (256 KB): This stores minimal information and is helpful for diagnosing simple errors.
  • Kernel memory dump: This captures the kernel memory at the time of the crash, so is useful for more detailed analysis.
  • Complete memory dump: This records all memory at the time of the crash, resulting in a large dataset.
  • None: No memory dump is created.

How to prevent BSOD from returning        

Not all Blue Screen of Death fixes are straightforward, and many of them can’t be prevented.

But you can reduce the risk of a BSOD occurring in the first place by following these simple steps:

Keep Windows updated: Regularly check for and install Windows updates via Settings > Update & Security > Windows Update. Updates often include patches for bugs and security vulnerabilities that could cause system instabilities.

Update device drivers: As mentioned, outdated or incompatible drivers are a common cause of BSODs. Use Device Manager to update drivers, especially for critical components like graphics cards, network adapters, and storage controllers.

Maintain your system regularly: Clean up temporary files, defragment your hard drive (if you’re using HDD), and make good use of built-in tools like Disk Cleanup and Defragment and Optimize Drives. This will help to prevent performance issues.

Utilize antivirus and antimalware tools: Run regular scans with the virus checker of your choice to help prevent infections.

Conduct regular disk maintenance: Use the chkdsk command in Command Prompt to check and repair file system errors on your drives (chkdsk /f /r).

Perform memory checks: Find out if issues with your RAM are causing your BSOD.

Avoid overclocking: Running components at their rated speeds reduces the risk of system instabilities. Consider returning to the default settings on your CPU, GPU or RAM if you notice you’re consistently overclocking them.

Ensure adequate hardware cooling: Overheating can cause hardware failures that lead to BSODs, so keeping components cool with proper ventilation is essential. Use hardware monitoring tools to keep a close eye on your CPU, GPU, and other components’ temperatures.

Use reliable hardware: Make sure that any connected peripherals, such as printers and external drives, are compatible with your system and have up-to-date drivers.

Be mindful with software installations: Only install software from trusted sources and avoid using pirated or cracked software.

Monitor your system logs: Use Event Viewer (eventvwr) to find any errors or warning signs that might signal an impending BSOD. Detecting problems early can help to prevent critical failures.

You’re ready to deal with BSOD issues!

By now, you’ll have everything you need to tackle the Blue Screen of Death head-on.

While it’s important to understand how to react to critical system errors when they arise, prevention is better than cure when it comes to keeping BSODs at bay.

Installing SUPERAntiSpyware on your device will support you in your quest to keep your Windows device free from viruses and performing at its best. Download our Free Edition to get started.

What is a digital footprint?

Did you know that every interaction you have online can shape the way you’re perceived on the web?

You’ve likely spent years creating your online identity, without even knowing it.

While it’s important for most of us to have a digital presence, our digital footprint can reveal a lot about our lives – and in some cases, perhaps a little too much.

Here, we discuss the different types of digital footprints, why they are important, and how to check and protect your online reputation to make sure you’re giving off the best impression and keeping your private information out of the public domain.

Defining a digital footprint           

What do we mean when we use the term ‘digital footprint’?

Essentially, your digital footprint refers to the trail of data that you create while using the internet.

It includes all the information you leave behind – either intentionally or unintentionally, actively or passively – every time you engage with websites and apps. Much of this data is gleaned from public social media profiles; if you’re active on sites like Facebook, Instagram, TikTok and LinkedIn, and your account isn’t set to private, all your activity will be easily discoverable by anyone who is interested in finding it.

As you can imagine, your digital footprint can reveal a lot about your habits, preferences, location, and relationships. Leaving this information out to public scrutiny isn’t always a bad thing in itself – but unfortunately it can be used by companies for targeted advertising and even used to facilitate privacy breaches. So, it’s a good idea to be conscious of what you’re putting out there, how your digital footprint can affect how you’re being perceived and the experience you’re receiving online, and how it might be used against you.

What are the different types of digital footprints?         

There are four types of digital footprints that the average web user needs to be aware of:

Active digital footprints

Your active digital footprint consists of all the data you intentionally share online. This information is both visible and traceable, but you can control how you engage with online communities and decide to only share what you’re comfortable with.

A typical active digital footprint might include:

  • Posts, likes, comments and shares on social media
  • Comments on forums, blog posts, news articles and YouTube videos
  • Emails, including attachments and signatures, specifically if you’re using web-based email services like Gmail, Yahoo or Outlook
  • Information submitted via online forms
  • Information you’ve shared on your own website or within your own digital portfolio, which likely includes your direct contact details
  • Reviews you’ve left on platforms like Amazon, TripAdvisor, and Google Reviews
  • Information you’ve provided when signing up for online accounts with, for example, Netflix or Spotify
  • Information you’ve submitted in online surveys and quizzes
  • Contributions you’ve made to collaborative websites like Wikipedia, GitHub, or Udemy
  • Content you’ve sent through instant messaging apps, including WhatsApp and Telegram
  • Questions and responses you’ve posted on boards in communities like Reddit or Quora
  • Files you’ve uploaded to cloud services like Dropbox, iCloud or Google Drive
  • Petitions you’ve signed
  • Cookies that you’ve agreed to install on your devices

Passive digital footprints           

The data generated by your passive digital footprint is often a byproduct of the things you’ve been doing online. This information is not created mindfully, but nonetheless, it’s used by service providers and marketers to analyse your behavior and serve you targeted ads. It often consists of things like:

  • Your browsing history, including the websites you’ve visited, the pages you’ve viewed, how you’ve interacted with them, and how long you’ve stayed on each page (usually collected through cookies, tracking scripts, and tracking pixels)
  • Your IP address, which is logged by websites, servers and online services every time you connect to the web
  • Your search engine queries
  • Your app usage data
  • Your location data
  • Your shopping cart data
  • Information about your device, including its model, operating system, browser type, screen resolution, and MAC address or IMEI number
  • Information about the Bluetooth and Wi-Fi networks you have connected to
  • Logs of your online activity, including login/logout times and errors
  • Timestamps and geotags from social media websites
  • Email tracking data
  • Streaming data

Anonymous digital footprints

These footprints consist of actions that aren’t directly tied to your personal identity, but still contribute to your online profile. Even when you’re visiting a website in incognito mode or using a pseudonym, your activity is never truly private – metadata can still be collected and linked to your activity pattern.

Examples of the data points often found in anonymous online footprints are:

  • Your IP address (without any personal information, if you’ve requested that the data remains anonymous in your settings)
  • Data on your browser type, operating system, etc. that’s been collected by the websites you’ve visited
  • Cookie data
  • User experience data, such as your page engagement and navigation behaviors
  • Ad tracking and targeting data
  • Incognito browsing histories
  • So-called ‘anonymous’ search queries
  • Anonymous feedback and surveys
  • Anonymous social media interactions
  • Activity carried out on the Tor network, which is typically anonymized by being routed through multiple servers
  • Interactions with blockchain networks
  • VPN usage

Pseudonymous digital footprints     

These are digital traces linked to an alias rather than a real identity. For instance, if you’re a blogger, you might decide to write under a pen name. By doing so, you’ll be creating a pseudonymous footprint.

While this approach can offer some privacy, sophisticated tracking techniques can sometimes link pseudonyms to real people, particularly when combined with other data points. The bottom line is, you might think you’re beating the system, but you’ll never be truly anonymous!

Some examples of pseudonymous data points include:

  • Aliases and usernames
  • Email addresses without your real name
  • Anonymous posts on forums
  • Pseudonymous names or handles on social media
  • Pseudonymous ecommerce accounts (with the likes of eBay and Etsy)
  • Online gaming profile tags
  • Cryptocurrency wallets
  • Contributions to open-source projects
  • Contributions to crowdfunding projects

Why is your digital footprint important?

As we mentioned earlier, your digital footprint reveals a lot about you. It’s a reflection of your entire journey online – and it’s out there for anyone to see, meaning that, unfortunately, it can be exploited.

It’s permanent

The information your digital footprint holds will help other people shape a view on who you are, how you behave, and what you value. Old media from decades ago can be found, analysed, potentially misinterpreted, and used to create a profile of you that might not be entirely accurate. Even content that you thought was long deleted can often resurface, which is why it’s so essential to be careful about what you share on the web.

It can help determine your reputation – both online and offline

If you once expressed a controversial opinion on Facebook, made an inappropriate joke to a friend on Twitter, or berated somebody in a forum, these seemingly off-the-cuff comments can still be unearthed, affecting your credibility. You might have evolved since then, but your character can still be tarnished by what went on before.

It helps employers and officials with their vetting processes

Statistics show that more than three quarters of employers google their prospective hires during recruitment drives, so whatever you are associated with online could have a bearing on the opportunities you’re offered. Plus, colleges, universities, security companies, police departments and even government representatives may be inclined to examine your digital footprint to better understand your public profile.

You might be wondering how employers and officials can access and analyze your digital footprint without spending days trawling through your data. Well, the truth is, there are lots of background checking tools available, including:

Maigret, an open-source intelligence (OSINT) platform which helps companies find accounts and websites that are associated with a particular username.

MOSINT, another OSINT tool that gathers information associated with a specific email address.

Nexfil, which enables employers to find profiles allocated to particular usernames.

It might threaten your personal safety

Companies and cybercriminals can use the data in your digital footprint to learn more about you and use this information for their own gain.

Perhaps they’ll simply use this data to serve up more relevant advertisements to you while you’re browsing – or maybe they’ll use your data to develop a convincing spear-phishing attack or release sensitive information about you without your consent (something which is known as doxing). Be aware that, if there’s lots of information about you in the digital ether, there’s a chance that somebody, somewhere will try to use it to their advantage. 

Digital footprint examples        

We’ve touched on a few examples – but let’s take a closer look at what actually makes up your digital footprint and delve into the kinds of data points that are going to leave a lasting impression online.

Social media

  • Logins from any device, including your mobile phone
  • Connecting with friends – for example, accepting a friend request on Facebook
  • The content you share with your friends and followers
  • Logging into third party websites using your social media account details
  • Joining a dating site or app

Online shopping data

  • Making online purchases
  • Creating an account with an online retailer
  • Signing up for coupons
  • Registering for newsletters from retailers
  • Browsing and making purchases via shopping apps

Online banking

  • Using a mobile or browser-based banking app
  • Submitting an application for a new credit card
  • Buying or selling stocks
  • Subscribing to financial content (blogs and online magazines)

Reading the news

  • Browsing articles on a news app
  • Subscribing to an online news outlet
  • Signing up for a newsletter
  • Reposting news articles on forums or social profiles

Health and fitness

  • Using fitness trackers
  • Using calorie counting or recipe apps
  • Using healthcare apps
  • Registering your contact information with a gym or sports center

There are a whole host of other elements that will be recorded when you’re actively using the internet. Your IP address will be noted, the browsers you’re using (and some of their settings) will be tracked, and there will be information available on every online form you complete.

How to check your digital footprint

Interested to see what your digital footprint looks like? There are several ways you can check in on your activity and get a better feel for your online reputation:

Search for your name on search engines

Open a search engine like Google, Bing, or DuckDuckGo, then enter your full name in quotation marks (e.g., “John Doe”) to search for exact matches. You should also try variations of your name – including nicknames, middle names, or any professional aliases you use – to see if these data points have been indexed, too.

Keep an eye out for personal information about yourself, any publicly accessible social media profiles that you’ve made, any mentions in news articles or publications, and links to online content you’ve created. You can also use reverse image search tools to see where your profile picture appears online.

Check aggregated websites

Visit websites that aggregate personal information, such as Whitepages, Spokeo, MyLife, or Pipl. Search for your name, email address, or phone number on these sites, and review the information that’s returned, which will likely include your contact details, addresses, social profiles, and any other public records.

These aggregator websites often have their own processes for removing or opting out of listings. Look for an opt-out link, which is usually found in the site’s privacy policy or help section. From there, follow the instructions to remove or hide your information from public view. This might involve submitting a request or verifying your identity.

Set up Google Alerts for your name

Go to Google Alerts. In the search box, enter your name in quotation marks (e.g., “John Doe”) to track exact matches. You can customize the alert by choosing how often you want to receive notifications, the sources you’re interested in (news, blogs, web), and the language and region. Finally, enter your email address to receive alerts and click “Create Alert.” You should start receiving round-up emails straightaway.

This will keep you across any new mentions that might have a damaging impact on your reputation. Reviewing your Google Alerts may also help you spot opportunities to correct any misinformation or thank authors for positive coverage of you.

Review your old social media activity

There’s no fast way to do this. You’ll need to log into each of your social media accounts individually and review your profile information, photos, posts and interactions to make sure there’s nothing housed on these sites that could be held against you (or give away too much information about you). Most of these platforms have search and/or activity log features that enable you to review all your past actions.

How to protect your digital footprint         

If all this talk of your online footprint is making you uncomfortable, don’t worry – there are plenty of things you can do to safeguard your digital reputation and protect your sensitive information.

Be mindful of sharing personal data online

The less you share, the harder it is for cybercriminals to analyse your digital footprint, and the better reputation you’ll have overall. Remove references to your personal phone number and email address and take a breath before posting anything that could be perceived in a negative light in the future; it might come back to haunt you.

Use strong, unique passwords and utilise a password manager

This should be common practice, but it’s easy to fall back on familiar passwords, most of which are easily hackable. To keep attackers at bay, use complex pass phrases that combine letters, numbers and symbols, and don’t be tempted to use easily guessed information like birthdays or names. Using a reputable password manager will help you generate and store passwords for each account.

Use two-factor authentication (2FA) where possible

Activate 2FA on your accounts to add an extra layer of security. This usually involves a secondary verification step, such as a code sent to your phone, in addition to your password.

Delete old accounts

Regularly audit your online accounts and close any that you no longer use. This will reduce the number of places where your data is stored, and in turn lower the risk of breaches.

Regularly review social media privacy settings

Take back as much control over your social visibility as you can! Check to make sure your profiles and their contents are not visible to the public and learn how to maximise the privacy settings on each site. 

Avoid logging in with Facebook

Sidestep potential security risks by finding another way to access third-party sites that ask you to log in using your Facebook credentials. You don’t need to share your social media sign-in data unnecessarily.

Frequently update your software

Outdated software can leave your data more easily accessible to cybercriminals, because it is missing the latest security fixes. Make sure everything you use is updated regularly so it’s running the latest security patches.

Use security software

Cybersecurity threats come in all shapes and forms, so you need to install a high-grade anti-virus solution across all your devices that can stop any intruders in their tracks. SUPERAntiSpyware’s Professional X Edition package protects every PC against malware, spyware, trojan attempts, keyloggers, and much more. It also quarantines any potentially harmful files and deletes them securely, if required.

Review your mobile apps

The last thing you want to do is review all those lengthy terms and conditions – but take a moment to read each app’s user agreement so you know precisely what you’re signing up for and how your data might be used by the app’s creators. If it turns out they’re mining personal information, you may want to find an alternative that doesn’t store data on, for example, your location or your online activities.

Use a VPN

A virtual private network (VPN) masks your IP address and encrypts your internet connection, making it more difficult for third parties to track your online activities. Choose a reputable VPN service and activate it whenever you’re browsing the internet, especially on public or unsecured networks.

Who can see my digital footprint?  

Remember, it’s not just you who can see your online footprint. Your web profile is visible to:

  • Employers
  • Schools
  • Colleges
  • Hackers
  • Peers
  • Internet providers
  • Phone companies
  • Advertisers
  • Law enforcement
  • Data brokers

This is why you need to:

  • Understand how data about you is collected online, whether actively or passively
  • Take steps to minimize the personal information you share online
  • Protect your data as far as you can, using the methods listed earlier
  • Regularly review your digital footprint and remove any references or content that could affect your reputation

How to wipe a hard drive

If you’re selling your computer on and want to get rid of your files for privacy reasons – or simply want to erase everything on the system and start afresh – you’ll need to wipe your hard drive completely clean.

When you delete a file in the usual way, the operating system removes the reference to the file from the file system’s index, so it’s not easily discoverable. However, the data itself remains on the hard drive until it’s overwritten by new data. Deleted files can often be recovered using specialized software because the actual data still exists on the disk. Wiping a hard drive goes a step further by overwriting the entire drive’s data with zeros, ones, or random data multiple times. This process ensures that the original data is irretrievable, even with advanced recovery tools, making it a much more effective way to get rid of anything you don’t want others to see.

Wiping can be done on individual files, partitions, or the entire drive, depending on the method used. The process is slightly different on Windows and Mac devices, too.

Read on to discover when it’s appropriate to wipe a hard drive, the steps you need to follow to get rid of your files forever, and some of the third-party tools that can support you along the way. 
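
The difference between an ordinary delete and a wipe, shown as an added example that is not part of the original article: a toy disk image (ToyDisk, carve and the sample data are constructed for illustration) keeps a deleted file's bytes discoverable by a raw scan until the whole image is overwritten. It models a conventional hard disk only; SSDs need the encryption-based approach described later in this article.

```python
import os
import tempfile

BLOCK = 512  # bytes per block on the toy disk
# Constructed sample data standing in for a sensitive file.
SECRET = b"CONSTRUCTED SAMPLE: tax-return-2023 account=12345678"


class ToyDisk:
    """File-backed toy disk: an index (name -> block, length) plus raw blocks."""

    def __init__(self, path, blocks=32):
        self.path = path
        self.size = BLOCK * blocks
        self.index = {}
        self.next_block = 0
        with open(path, "wb") as f:
            f.write(b"\x00" * self.size)

    def write_file(self, name, data):
        if len(data) > BLOCK or self.next_block * BLOCK >= self.size:
            raise ValueError("toy disk: file too large or disk full")
        with open(self.path, "r+b") as f:
            f.seek(self.next_block * BLOCK)
            f.write(data)
        self.index[name] = (self.next_block, len(data))
        self.next_block += 1

    def delete_file(self, name):
        # Ordinary delete: only the index reference goes; the block is untouched.
        del self.index[name]

    def wipe(self, patterns=(b"\x00", b"\xff", None)):
        # Overwrite every byte once per pass: zeros, ones, then random (None).
        with open(self.path, "r+b") as f:
            for pattern in patterns:
                f.seek(0)
                for _ in range(self.size // BLOCK):
                    f.write(os.urandom(BLOCK) if pattern is None else pattern * BLOCK)
                f.flush()
                os.fsync(f.fileno())  # push this pass to storage before the next
        self.index.clear()
        self.next_block = 0


def carve(path, needle):
    """What recovery software does: ignore the index and scan the raw bytes."""
    with open(path, "rb") as f:
        raw = f.read()
    hits, pos = [], raw.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = raw.find(needle, pos + 1)
    return hits


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        disk = ToyDisk(os.path.join(tmp, "disk.img"))
        disk.write_file("notes.txt", b"shopping list")
        disk.write_file("secret.txt", SECRET)
        results = {"before_delete": carve(disk.path, SECRET)}

        # After a normal delete the file is no longer listed,
        # yet the raw scan still finds it at the same offset.
        disk.delete_file("secret.txt")
        results["listed_after_delete"] = "secret.txt" in disk.index
        results["after_delete"] = carve(disk.path, SECRET)

        # After a full overwrite the raw scan finds nothing, for any file.
        disk.wipe()
        results["after_wipe"] = carve(disk.path, SECRET)
        results["other_file_after_wipe"] = carve(disk.path, b"shopping list")
    return results


if __name__ == "__main__":
    for step, value in demo().items():
        print(f"{step}: {value}")
```

Running the same raw scan after a real wipe is a useful habit: a wipe is only finished once a search of the media no longer turns up known content.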

When should I wipe a hard drive? 

There are several instances where it makes sense to wipe your hard drive:

When replacing an old computer

Ready to swap your device for a new one? When you’re selling or donating your computer, you don’t want the new owner to access your personal data, including your files, emails, photos, or saved passwords. Wiping the hard drive ensures that all your personal information is completely removed, preventing potential identity theft or data breaches.

When replacing a damaged hard drive

Broken hard drives aren’t much use, but they can still be harbouring some of your personal data. Make sure none of it is recoverable by wiping the drive regardless of its condition.

When upgrading to an SSD

Keen to invest in a better performing hard drive? It’s best to perform a hard disk wipe after you’ve migrated all your data to your new solid-state drive (SSD).

Refreshing an old hard drive

Sometimes, a computer can become sluggish or cluttered with unnecessary files, software, and configurations. If you’re experiencing significant performance issues or want to start fresh without any old data, wiping the drive before you reinstall the operating system can help.

Preparing to wipe your hard drive

Before you commit to the wipe process, we would recommend backing up any critical files. You can copy important files, documents, photos, and other data to an external hard drive or USB flash drive – or alternatively, you can use services like Google Drive, Dropbox, or OneDrive for secure file storage in the cloud.

You could consider creating a full system image or clone of your hard drive if you decide you want to restore your system to its current state later.

You might also want to:

  • Deauthorize accounts and software, so these licenses are no longer tied to a specific computer
  • Note down product keys and serial numbers, particularly if you’re planning to reinstall software
  • Sign out of accounts you were using on that specific device, and clear any saved passwords
  • Disconnect any external hardware
  • Make sure you’ve got the correct drivers on hand for reinstalling the OS
  • Tell other users of the same computer that the data will soon be wiped, and encourage them to back up their own data

How to wipe a hard drive on Mac      

The method you use to wipe your Mac will depend on the type of Mac you have. You can find out what you’re working with by clicking the Apple menu in the top left of the screen and heading over to About This Mac.

Devices with an Apple silicon chip

If you use a Mac that was manufactured after 2020, it will likely contain Apple silicon chips, aka M1, M2 or M3 processors. You can wipe the hard drive by:

  • Going to System Settings
  • Clicking on General, then Transfer or Reset
  • Clicking Erase All Content and Settings

From there, follow the on-screen instructions to complete the wipe. The Mac will restart and reactivate, and you’ll be ready to go.

Devices with Intel processors

For Macs that were produced prior to 2020, you’ll need to follow the process for Intel processors. You can use the Disk Utility function to erase the hard drive by:

  • Shutting down the computer and rebooting it
  • Holding the Command + R keys during the reboot until the Apple logo appears
  • Entering your password if required
  • Selecting Disk Utility in the Utilities window, then clicking Continue
  • Selecting Macintosh HD (or the name you gave to your hard drive, if you’ve customized it)
  • Clicking Erase in the toolbar
  • Confirming the hard drive name
  • Selecting APFS under the Format menu, and clicking Erase

Devices with an SSD

SSDs aren’t as simple to wipe. For the best results, you’ll need to encrypt your files before you get rid of them, otherwise they might still be accessible.

  1. Go to System Preferences
  2. Click Security & Privacy and select FileVault
  3. Enable FileVault; this will encrypt your hard drive. It might take a few hours. Make a note of the password that’s given to you, as you’ll need it later
  4. When the encryption is complete, reboot your Mac and hold down the Command + R keys during startup
  5. Go to Disk Utility in the Utilities Window
  6. Choose the correct SSD drive from the sidebar, select Unlock from the File menu, and enter the password you received earlier
  7. Click Erase in the toolbar
  8. Confirm the hard drive name
  9. Select APFS under the Format menu, and click Erase
  10. Enter your Apple ID in the popup window, if you need to

How to wipe an external drive with a Mac

Wiping an external hard drive on macOS is a breeze.

  1. Go to Applications
  2. Double click Disk Utility in the Utilities folder
  3. Click View, then Show All Devices
  4. Select your external hard drive from the External menu
  5. Click Erase in the toolbar
  6. Confirm the hard drive name
  7. Select APFS under the Format menu, and click Erase
  8. Enter your Apple ID in the popup window, if you need to

How to wipe a hard drive on Windows      

Once you’ve backed up all your data, the best practice is to create a recovery drive so you can reinstall Windows on your new machine. To do this, you’ll need to:

  1. Go to Recovery Drive
  2. Click Yes to allow the Recovery Media Creator function to make changes to your device
  3. Check the box Back up system to the recovery drive, and click Next
  4. Connect your external drive to your device via USB
  5. Click Next, then click Create

Next, you’ll need to restart your PC in Recovery Mode. To do this:

  1. Insert the Windows installation USB drive into your computer
  2. Restart your computer and boot from the USB drive. You may need to press a specific key (like F2, F12, ESC, or DEL) to access the boot menu, depending on your computer’s manufacturer
  3. Select the USB drive from the boot menu and press Enter

Then, it’s time to wipe the hard drive:

  1. After booting from the USB drive, the Windows Setup screen will appear
  2. Select your language, time, and keyboard preferences, then click Next
  3. Click Install now
  4. Enter your product key (if required) or select I don’t have a product key
  5. Accept the license terms and click Next
  6. Choose Custom: Install Windows only (advanced)
  7. Select the drive or partition you want to wipe
  8. Click on each partition on the drive and select Delete
  9. Select the unallocated space and click Next. This will automatically create new partitions and begin the Windows installation

Windows will now install itself onto the clean drive. The process may take some time, and your computer will restart several times during the installation. From here, you’ll need to follow the on-screen prompts to set up Windows, configure user accounts and preferences, and connect to the internet.

How to wipe an external drive on Windows

You can use several third-party tools to wipe the hard drive on a Windows device, but it’s often easiest to use the Disk Management feature by following these instructions:

  1. Connect your external hard drive to the computer
  2. Press the Windows key + X
  3. Select Disk Management from the popup window
  4. Go to the Volume column and right-click the external drive
  5. Select Format, and click Yes in the next window
  6. Uncheck the box called Perform a quick format in the Format D: window and click OK, then OK again to start the disk wipe

How to wipe an SSD

Solid-state drives are generally much faster and more efficient than their hard disk equivalents, but they are harder to wipe. To make sure every last piece of your data has been deleted, we recommend wiping an SSD with either:

The Basic Input-Output System (BIOS)

You can use the in-built utilities of your SSD’s firmware to erase all data from the drive and make sure it’s unrecoverable. The feature to look for is Secure Erase; you’ll need to access this via the system’s BIOS settings (or UEFI settings if you’re working with the more modern equivalent).

If your BIOS/UEFI does not have a Secure Erase option, you’ll need to use the SSD manufacturer’s software, which often includes a bootable tool for this.

Manufacturer software

You’ll need to download the correct utility from your SSD brand. You can usually find the manufacturer information by checking the SSD model in your system settings or by physically inspecting the drive. Some common tools include Intel SSD Toolbox, SanDisk SSD Dashboard, and Samsung Magician.

Download and install the software to get started – and, as always, make sure you’ve backed your data up before you start the wipe process.

Third-party software

Some third-party options are more user-friendly than the utilities available straight from the manufacturers – and they’re just as secure. Some are free, whereas some require payment. Try CCleaner, Parted Magic, Eraser, or GParted.

How to physically wipe a hard drive on a dead computer that won’t turn on

These may seem like drastic measures, but they’re some of the only foolproof ways to destroy the drive platter on a device that won’t start up.

To start: Disassemble the hard drive

Take apart your hard disk’s components with a screwdriver before destroying it using any of the methods listed below.

Drill holes in the hard drive

Drill a series of holes across the entire piece of hardware to make sure hackers can’t access the data in any undamaged components. You’ll need to be thorough, otherwise your data could still be at risk.

Use a powerful magnet to degauss the hard drive

Magnetic force will damage the hard disk beyond repair (although the same can’t be said for SSDs, which use electronic circuits instead of magnetic disks). Remove the magnetic field around the hard drive by waving a degaussing wand or other powerful magnet around it for around a minute. 

Send to an electronic disposal company for shredding

Contact a reputable provider that will give you a quote for breaking your device into small pieces using industrial-grade equipment. This will destroy the drive platters, mechanisms and electronic components beyond recognition. You’ll need to make sure your shredding company disposes of or recycles the product responsibly.

Third-party tools that help to wipe a hard drive

Designed to make the wiping process even easier, third-party software can make getting rid of your sensitive data quick and painless. Discover some of the most popular third-party hard drive wiping tools below and click on their names to download them. 

CCleaner: Though its primary purpose is freeing up space, CCleaner can also be used to wipe your hard drive totally clean. It’s compatible with all major operating systems, including Windows, macOS and Android, and it’s one of the most intuitive tools of its kind.

DBAN: Otherwise known as Darik’s Boot and Nuke, DBAN is a recognised program that can be initiated from a USB or a CD. It uses an algorithm to overwrite the information on your hard disk drive many times. Please note, DBAN isn’t ideal for wiping SSDs. It’s also best suited to home use. And just a heads up – development for DBAN also stopped in 2015, so it hasn’t received any new bug fixes or support for a few years now.

Disk Wipe: Simple by name and simple in nature, this works in a similar way to DBAN. It’s a Windows-only tool and works on memory devices that are accessible and formatted with either NTFS, FAT, or FAT32.

Active KillDisk Freeware: This sanitization tool’s One Pass Zero method replaces all the data on your drive with zeros, so you can wave a permanent goodbye to everything that was stored on your device. It can be installed across Windows, macOS and Linux, and it’s great for erasing multiple disks at the same time.

CBL Data Shredder: This overwrites your hard drive with a more complicated bit pattern, so the data cannot be recovered. It’s designed for Windows XP/Vista/7/8/10.

AOMEI Partition Assistant Standard: This tool’s Wipe Hard Drive feature will get rid of your data permanently. There’s also a lot more to this software than meets the eye; it offers a safe hard drive manager, a data migrator, a disk converter and a partition recovery feature, plus more.

ShredOS/Nwipe: This is a USB bootable distribution that works with all Intel 32 and 64 bit processors and erases the contents of a hard drive using the nwipe program.

Eraser: This is an advanced security tool for Windows that, at the time of writing, is supported under Windows XP (with Service Pack 3), Windows Server 2003 (with Service Pack 2), Windows Vista, Windows Server 2008, Windows 7, 8, 10 and Windows Server 2012-2022. An added benefit of Eraser is that it also works with a customisable scheduler, so disk sweep tasks can be planned ahead of time and executed whenever suits you best.
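
A zero-fill wipe such as the One Pass Zero method mentioned in the list above can be checked afterwards by reading the drive back and confirming that nothing but zeros remains. The Python sketch below is an added example, not part of the original article or of any listed tool; the function names and the sample image are constructed for illustration, and in real use you would pass a raw device path (an assumption: reading one normally requires administrator rights).

```python
import os
import tempfile


def find_nonzero_regions(path, chunk_size=1024 * 1024):
    """Scan a drive or image file and return (total_bytes, regions), where
    regions are [start, end) byte ranges of chunks still holding non-zero data."""
    zeros = bytes(chunk_size)
    regions, total = [], 0
    with open(path, "rb") as dev:
        while True:
            block = dev.read(chunk_size)
            if not block:
                break
            start, total = total, total + len(block)
            if block != zeros[:len(block)]:
                if regions and regions[-1][1] == start:
                    regions[-1][1] = total        # merge with adjacent region
                else:
                    regions.append([start, total])
    return total, [tuple(r) for r in regions]


def scan_image(data, chunk_size=4096):
    """Write constructed bytes to a temporary file and scan it (an offline
    stand-in for a real device path)."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(data)
    try:
        return find_nonzero_regions(f.name, chunk_size)
    finally:
        os.unlink(f.name)


def demo():
    """Constructed 32 KiB image with leftover data in chunks 2, 3 and 6."""
    image = bytearray(8 * 4096)
    image[2 * 4096 + 10:2 * 4096 + 16] = b"secret"
    image[3 * 4096] = 0x78
    image[6 * 4096 + 4095] = 0x79
    return scan_image(bytes(image))


if __name__ == "__main__":
    total, regions = demo()
    leftover = sum(end - start for start, end in regions)
    print(f"scanned {total} bytes, {leftover} bytes in non-zero chunks")
    for start, end in regions:
        print(f"  residual data between offsets {start} and {end}")
```

On an SSD, an all-zero read-back shows only what the drive’s controller exposes; it does not prove that spare flash cells were erased, which is why the firmware Secure Erase route described earlier is the recommended one for SSDs.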

A final piece of advice…

If a virus has corrupted your system and its data, you may need to perform a hard drive wipe to start from scratch. You’re much less likely to fall victim to a malicious attack (and have to deal with the fallout!) if you have robust anti-virus and anti-malware protection in place.

SUPERAntiSpyware’s Professional X Edition will stop threats in their tracks long before they have a chance to get to your sensitive information. With an AI-powered detection engine, real-time threat blocker, automatic database updates and scheduled scanning, it’s user-friendly and super convenient software that’s more affordable than you might expect.