Hit by Ransomware? Here’s What to Do
These days, it seems like there’s a new high-profile ransomware case in the news every time you turn around. Hackers can use ransomware to seize control of your device and encrypt your files – but they’ll give you the decryption key if you pay the ransom.
Typically, hackers don’t ask for more than about $1,300 in ransom. The ransom amount is typically low enough that you can come up with it on short notice, and if it isn’t less than you’d pay to have your device and files professionally restored, well, the hacker wants you to think the ransom would be cheaper.
Don’t give in and pay the ransom. You may not even be infected with real ransomware. Isolate your infected device so that the infection doesn’t spread, then figure out what kind of software you’re dealing with. Use an antivirus program to remove the ransomware, and then revert to your most recent system restore point to decrypt your files.
Don’t Give In
Law enforcement officials recommend you don’t pay the ransom if you’re hit by ransomware. While it might seem like the easiest and perhaps the cheapest way to regain access to your files, you should remember that there’s no guarantee the hackers will actually send you a decryption code that works. Hackers only cough up a working decryption code in about 65 to 70 percent of cases.
It makes sense, if you think about it. Hackers who try to extort money from people using ransomware are criminals, and they know there’s not much you can do if they don’t send the decryption code. Sometimes, there isn’t even a decryption code to send. You should only attempt to pay for the decryption code if you have no other way to regain access to your important files, because you haven’t been backing them up, or because your external or cloud storage has been infected, too.
Stop the Spread
Ransomware can spread quickly from the initially infected device to all other devices that are connected to it, so as soon as you realize you’ve been targeted, you need to stop the spread by isolating the device. Disconnect it from your home network and from the internet. Disconnect external hard drives, mobile devices, cloud drives, USB flash drives, other computers, and anything else that’s connected to the infected device.
Determine Whether Your Files Are Really Encrypted
Just because you download some malware that flashes a scary ransom message in red letters across your screen doesn’t necessarily mean you’ve definitely contracted ransomware. Sometimes hackers forgo using actual ransomware (the kind that encrypts your files) and choose scareware instead. Scareware is designed to make you think you’ve been targeted by ransomware, and scare you into paying a ransom, but it doesn’t actually encrypt your files. Check your files to make sure they’re encrypted. If they’re not, you just need to run a standard antimalware scan and remove the scareware from your system.
If your files are encrypted, it can be useful to figure out what kind of ransomware you’ve been infected with. While most antivirus tools can handle the removal of most types of ransomware, knowing what type of ransomware you have can help you choose the right ransomware removal tool.
Use an Antivirus Program to Remove the Ransomware
If you really are infected with ransomware and you don’t want to try paying the ransom to get your files back, you can use a comprehensive antivirus tool for ransomware removal. If you have a paid antivirus software, it should be able to remove the ransomware from your system. If you want to use a free anti-ransomware solution, go to No More Ransom to find the best tool for removing the specific type of ransomware you have.
Restore Your System and Files from Backups
Removing the ransomware from your system is one thing, but just running a malware scan won’t be enough to decrypt your files. Once you remove the ransomware, you won’t be able to resort to getting a decryption code from the hacker. However, there are decryption tools you may be able to use to get your files back, or if all else fails, you can bring your computer to a professional to have your files decrypted.
If you regularly back up your system and files, you may not need to bother with decrypting them. Simply use System Restore to reset your device to a previous restore point. You will lose any files created since your last restore point.
A ransomware attack can be a scary thing to deal with but don’t give in to the demands of criminals. Fight back, and restore your system and files, without letting the hackers win.