How to Remove Ransomware

Ransomware does have one benefit compared to other types of malware: It doesn't stay hidden on your system for long. But that's about it, since as soon as its presence is announced, things go downhill, and fast! But don't worry, we'll show you what to do if you've become the latest victim of the multi-million dollar world of digital extortion.

Ransomware, alternatively known as an extortion Trojan, takes your files or even your system hostage, only releasing them after payment of an (often) hefty ransom. We've already summarized how ransomware slithers its way onto your system, and how to defend against it; but how do you get rid of it?

The first question you should ask yourself when ransomware rears its ugly head is: "Do I have a backup of the files that have been taken hostage?"

Scenario 1: You Have a Backup

An up-to-date Windows backup is an excellent defense against ransomware since it basically removes the need to entertain the hostage-taker's demands. This would be the equivalent of police or SWAT discovering that an identical clone of each hostage in a particular building exists elsewhere, in a safe location, making it completely unnecessary for them to play nice with the hostage-takers. In this situation, you'll have to re-install Windows and then load your backup, but other than the slight inconvenience caused by both of these steps, you won't have to face any other consequences.

In Windows Control Panel, you can make use of an integrated "Recovery" option that allows you to restore your system to a specific backup. Apart from that, there is an entire industry devoted to dedicated cloud-backup solutions, which include the ability to schedule automatic uploads, a particularly convenient feature.

Contending with ransomware is trickier if you don't have a backup to fall back on, but don't give up hope!

Scenario 2: No Backup

If you don't have a backup, follow these steps to get rid of ransomware:

Disconnect Your PC From Any Networks That You Are Attached To
Malware uses every opportunity it can to proliferate. For that reason, the first step in getting rid of it is to disconnect yourself from any networks that you might be on so that it cannot spread from your system to others.

Identify the Type of Ransomware You've Been Hit With
Each kind of ransomware encrypts data differently. Much like treating a disease, in order to decrypt your files, you need to determine what kind of malware has infected your system.

Utilize a Decryption Tool
If a tool has already been developed for the kind of encryption used on your files, they can be restored fairly easily.

Remove the Ransomware
The second that you've restored your files, make sure that you delete the malware that encrypted them in the first place!

Identify Ransomware

Not all ransomware is created equal, and there are a number of different varieties: Crypto-ransomware, for example, "only" encrypts certain files or folders, whereas locker-ransomware puts a digital gun to your entire system.

More importantly, you also need to identify which specific kind of attack you've fallen prey to. For example, the most well-known ransomware attack was launched using the WannaCry program in 2017, and resulted in millions of dollars in damages, while the email-based Locky terrorized Internet users in 2016. Unfortunately, owing to the profitability of such attacks, there are many incentives to continuously develop newer and more effective strains of ransomware.

By using ID Ransomware or Crypto Sheriff you can definitively identify the type of ransomware you've been infected with. All you need to do is upload the ransom note and one encrypted file. If you're feeling so inclined, you can also submit the email address you received the infection from or links that are included in the ransom note.

The two services we've linked compare this information against their databases in order to identify the ransomware.

Should the ransomware on your computer be identified and already have accompanying decryption tools, the services will suggest downloading these programs.
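
A local triage sketch for gathering the two items these services ask for, one encrypted file and the ransom note (added example, not code from this article or from ID Ransomware or Crypto Sheriff). It assumes encrypted files look near-random and share one unfamiliar extension, and that the ransom note is the same small file dropped in several folders; the 7.5 bits-per-byte threshold and the names ".locked_demo" and "READ_ME_DEMO.txt" are constructed for the demo.

```python
import hashlib, math, os, tempfile
from collections import Counter, defaultdict

# Formats that are high-entropy by design (compressed), so not evidence of encryption.
COMPRESSED = {".zip", ".7z", ".gz", ".jpg", ".jpeg", ".png", ".mp3", ".mp4", ".pdf", ".docx"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(root, threshold=7.5, sample=65536):
    """Return (extension, encrypted_files, note_copies) for the tree under root."""
    by_ext, by_hash = defaultdict(list), defaultdict(list)
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # locked or unreadable file: skip it, never modify it
            ext = os.path.splitext(name)[1].lower()
            if len(head) >= 1024 and entropy(head) >= threshold and ext not in COMPRESSED:
                by_ext[ext].append(path)
            elif 0 < len(head) < sample:
                by_hash[hashlib.sha256(head).hexdigest()].append(path)
    # Assumption: the strain renames every victim file to one shared extension.
    ext, files = max(by_ext.items(), key=lambda kv: len(kv[1]), default=("", []))
    # Assumption: the ransom note is one small file copied into several folders.
    def dirs(paths):
        return len({os.path.dirname(p) for p in paths})
    notes = max(by_hash.values(), key=dirs, default=[])
    return ext, sorted(files), sorted(notes) if dirs(notes) >= 2 else []

def build_demo(root):
    """Constructed sample tree: two 'encrypted' files, a duplicated note, one clean file."""
    for sub in ("docs", "pics"):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "file.locked_demo"), "wb") as fh:
            fh.write(bytes(range(256)) * 16)  # uniform byte values, entropy 8.0
        with open(os.path.join(root, sub, "READ_ME_DEMO.txt"), "w") as fh:
            fh.write("constructed ransom note for the demo\n")
    with open(os.path.join(root, "docs", "notes.txt"), "w") as fh:
        fh.write("ordinary text " * 200)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp)
        print(triage(tmp))
```

The script only reads files and changes nothing; pick one path from each returned list as the sample to submit.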

Decryption Tools

Some well-known antivirus services provide decryption tools for certain types of ransomware. You can find a list of these here:

Remove Ransomware Once and for All

After decryption, your files will be restored, but this doesn't mean that the ransomware simply packs up and leaves. With special anti-malware tools, however, you can remove ransomware from your system once and for all.

Like almost anything related to Internet security, these are offered in both free and paid versions. EXPERTE.com's top free malware removal program is Avast Free Antivirus. Using it, you can scan your computer for threats in a matter of minutes, directly removing any that might be encountered.

Should you desire more comprehensive real-time protection, and want to focus on defending specifically against ransomware, paid anti-malware suites would be your best bet. In EXPERTE.com's comprehensive evaluation, Bitdefender impressed us most with its perfect interface, high degree of security, and lengthy catalog of features.

Along with basic scans and real-time protection, these programs also provide dedicated ransomware removal tools. These alert you when a new type of ransomware attempts to encrypt data on your system, creating automatic backups of the files in question, and deleting the program from your computer.

You can find a detailed guide for removing malware using free or paid programs here.

And if There Aren't Any Decryption Tools?

Not all types of encryption employed by ransomware have been 'cracked'. However, even if no antidote for your malady exists, don't give in to the hostage-taker's demands. There's a reason why governments "don't negotiate with terrorists", and it's because there's absolutely no guarantee that the irrational party will keep their word, in this case, that your access to your files will be restored if you pay up. Similarly, the more people who pay, the more lucrative the ransomware "business" becomes. This, in turn, promotes greater "innovation", eroding Internet security for everyone.

Should you not have any recent backups of your files, you have to face the reality of permanently losing access to any that have been encrypted. As an alternative, you can wait until a decryption tool is released. The best method to combat ransomware is to defend against it proactively: don't procrastinate about running scheduled system or program updates; don't open emails from people you don't know; and don't visit questionable websites or links sent to you by strangers. And if you want to go the extra mile, see to it that you have a quality anti-malware program installed on your system.

Author Janis von Bleichert
Janis von Bleichert studied business informatics at the TU Munich and computer science at the TU Berlin, Germany. He has been self-employed since 2006 and is the founder of EXPERTE.com. He writes about hosting, software and IT security.