There is one good thing about ransomware: Unlike most malware, it doesn't lurk on your system. Once its presence is announced though, things go downhill fast. In this guide, we'll show you what to do if you've become the latest victim of the multi-billion-dollar world of digital extortion.
Ransomware, alternatively known as extortion Trojans, takes your files or even system hostage, only releasing them after payment of a sizable ransom. We've already summarized how ransomware slithers its way onto your system, and how to defend against it. So, how can you get rid of it?
The first question you should ask yourself when ransomware appears is: "Do I have a backup of the files that have been taken hostage?"
Scenario: You Have a Backup
An up-to-date Windows backup is an excellent defense against ransomware since it allows you to ignore the hostage-taker's demands. This would be the equivalent of police discovering that an identical clone of each hostage is safe in another building, far away from the hostage taker.
In this situation, you'll have to re-install Windows and load your backup. Apart from the slight inconvenience caused by both of these steps, there won't be any other other consequences.
In the Windows Control Panel, use the integrated "Recovery" option to restore your system to a specific backup. Apart from that, there's an entire industry devoted to dedicated cloud-backup solutions, which include the ability to conveniently schedule automatic uploads.
Contending with ransomware is trickier if you don't have a backup of your files or folders, but don't give up hope!
Scenario: No Backup
If you don't have a backup, follow these steps to get rid of ransomware:
Disconnect your PC from all networks
Malware uses every opportunity it can to grow. For that reason, the first step to get rid of it is to disconnect from all networks. This prevents malware from spreading further.
Identify the type of ransomware attacking you
Each kind of ransomware encrypts data differently. Much like treating a disease, to decrypt your files, you'll need to determine what kind of malware infection your system has.
Utilize a decryption tool
If a tool exists for decrypting the kind of encryption on your files, regaining access is fairly easy.
Remove the ransomware
The second that you've restored your files, delete the malware that encrypted them in the first place.
All ransomware is not created equal: Crypto-ransomware, for example, only encrypts certain files or folders, whereas locker ransomware takes your entire system hostage.
More importantly, you need to identify which kind of attack you've fallen prey to. For example, the most well-known ransomware attack was launched using the WannaCry program in 2017 and resulted in millions of dollars of damages. Unfortunately, owing to the profitability of such attacks, there are many incentives to develop newer and more effective strains of ransomware.
Use ID Ransomware or Crypto Sheriff to definitively identify the type of ransomware on your system. All you need to do is upload the ransom note and one encrypted file. In addition, you can submit the email address you received the infection from or links that are included in the ransom note.
The two services we've linked to above compare this information against their database in order to identify the ransomware.
Should the ransomware on your computer be identified and already have accompanying decryption tools, the services will suggest downloading these programs.
Some well-known antivirus services provide decryption tools for certain types of ransomware. These include:
Permanently Remove Ransomware
Your files will be restored once they've been decrypted, however, this doesn't mean that the ransomware simply packs up and leaves. With that said, you can permanently remove ransomware from your system with special anti-malware tools.
Like almost anything related to Internet security, there are both free and premium options. EXPERTE.com's top free malware removal program is Avast Free Antivirus. Use it to scan and remove any threats from your computer in a matter of minutes.
In case you'd prefer more comprehensive real-time protection, and want to focus on defending specifically against ransomware, premium anti-malware suites are a great option. Among the services we reviewed, Bitdefender impressed us most with its perfect interface, high degree of security, and lengthy catalog of features.
Apart from basic scans and real-time protection, these programs also provide dedicated ransomware removal tools. These alert you when a new type of ransomware attempts to encrypt files on your system, automatically backs up the files in question, and deletes the program from your computer.
Feel free sure to check out our EXPERTE.com malware removal guide for more information.
What to Do If There Aren't Any Decryption Tools?
Unfortunately, not all ransomware encryption has been cracked. However, even if there isn't an antidote, don't pay up: There's no guarantee that the criminals will keep their word and restore access to your files. At the same time, if you pay, the ransomware "business" benefits and becomes more profitable. This encourages greater "innovation", eroding Internet security for everyone.
If you don't have any recent backups of your files, you might permanently lose access to whatever has been encrypted. Or, you can wait until a decryption tool is released. The best defense against ransomware is a proactive one: Run and install system and program updates or patches, don't open emails from strangers, and never visit suspicious websites or click on links you don't recognize.
To round out your digital defense, make sure that your system has a high-quality anti-malware program installed.