Ransomware is a type of malware that hackers use to encrypt your data and keep you from accessing it. They’ll hold your family pictures, personal projects, work documents, and other data for ransom to extort payment. And seeing that ransom message on your screen can be scary.
It can be tempting to just pay the ransom to get your files back. But there’s no guarantee you’ll get a decryption code that can restore your files, even if you do pay; sometimes the hackers release the data when they get the ransom money, and sometimes they don’t. Don’t pay. Follow these steps instead to take care of your ransomware infection.
Get Off the Network:
If you start up a device and get a ransom message, you should disconnect it from the network immediately. Turn off Bluetooth, disable wifi, and disconnect any Ethernet or other wired internet connections. If you get off the network fast enough, it should keep the ransomware from spreading to other devices.
Collect Information:
You need information about what kind of ransomware you’re dealing with, not just so you can find the right decryption tool, but also so you can report the crime to the police later. Take a screenshot or photo of the ransom message.
Figure Out What Kind of Ransomware You Have:
If you get a ransom message on your device, there are three possibilities: you have encrypting ransomware, screen-locking ransomware, or scareware that doesn’t do anything but produce a frightening ransom message. It will be most difficult to recover your data if you’ve been targeted by encrypting ransomware. Screen-locking ransomware doesn’t encrypt your files, and scareware usually neither locks your screen nor encrypts your files.
If you can get past the ransom message screen but can’t access any of your files, you have encrypting ransomware. If you can’t get past the ransom message screen at all, you have screen-locking ransomware. And if you can both get past the ransom message screen and open most of your files, you have scareware.
Use a tool like ID Ransomware to figure out exactly which ransomware you have, so you can find the right decryptor.
Use a Decryptor:
Once you know what kind of ransomware you’ve been infected with, you can probably find a decryption tool to get rid of it. Go to No More Ransom to find the right decryptor.
Restore Your Files:
You may not even need a decryptor if you regularly back up your files – at least, not if the backup isn’t also infected with ransomware. If you keep your backup files on a flash drive or external hard drive, plug it into another machine to make sure it isn’t infected.
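One way to do that check on the second machine, as an added example that is not part of the original article: a read-only Python 3 script that flags backup files that look encrypted, either because their first bytes no longer match their file type or because a text file reads as random data. The function names, the thresholds, and the short list of file types are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading "magic" bytes that genuine files with these extensions start with.
SIGNATURES = {
    b"\xff\xd8\xff": (".jpg", ".jpeg"),
    b"\x89PNG\r\n\x1a\n": (".png",),
    b"%PDF-": (".pdf",),
    b"PK\x03\x04": (".docx", ".xlsx", ".pptx"),
}
EXPECTED = {ext: sig for sig, exts in SIGNATURES.items() for ext in exts}
TEXT_EXTS = {".txt", ".csv", ".md"}  # no magic bytes: judged by entropy instead


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def check_file(path: str) -> str:
    """Classify one file as 'ok', 'suspect' or 'unknown' from its first 4 KiB."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if ext in EXPECTED:
        # Photos and Office files are compressed, so entropy cannot tell them
        # from ciphertext; an overwritten header can.
        return "ok" if head.startswith(EXPECTED[ext]) else "suspect"
    if ext in TEXT_EXTS:
        # Readable text stays well under 6 bits/byte; ciphertext is close to 8.
        return "suspect" if len(head) >= 1024 and entropy(head) > 7.0 else "ok"
    return "unknown"  # e.g. an unfamiliar extension appended to a renamed file


def scan_backup(root: str) -> dict:
    """Walk the backup read-only and group file paths by verdict."""
    report = {"ok": [], "suspect": [], "unknown": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                report[check_file(path)].append(path)
            except OSError:
                report["unknown"].append(path)  # unreadable: inspect by hand
    return report
```

Call scan_backup() with the path of the mounted backup drive. A "suspect" or "unknown" result means the file should be opened and checked by hand; the script only looks for files that have already been encrypted and does not detect the malware itself.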
If you have your files backed up, you can do a complete wipe of your hard drive, reinstall your operating system, and then restore your files from the backup. However, if you don’t have a backup of your files, you may be able to get them back using a free tool like ShadowExplorer to restore deleted files.
Many types of ransomware work by making copies of your files, encrypting the copies, and deleting the originals, so you may still be able to get your files back. If you are able to get your files back this way, make a backup of them and then wipe your drive and reinstall your operating system. This ensures that no traces of the ransomware remain on your system.
Of course, if you’re not comfortable removing ransomware and restoring your files yourself, you can always take your machine to a computer repair technician. A professional should be able to remove the ransomware and may be able to restore your files as well.
Once you’ve restored your system, you need to make sure you’re protecting yourself from potential future attacks. Prevention is the best cure for ransomware. Install antivirus and reputable ransomware protection software.
Report the Crime:
If you’ve been targeted by ransomware, you’ve been the victim of a crime. You should report the ransomware attack to the police, using the screenshots or photos you took of the ransom message as evidence. Reporting the attack helps authorities keep track of the prevalence of these kinds of attacks and may even result in an arrest.
A ransomware attack is stressful and a huge inconvenience, but it’s not the end of the world. You can probably still recover your files and clean your machine of the malware. It just takes the right software tools and a little know-how.