As if you didn’t have enough to worry about with viruses, malware, and data breaches, now you have to be on the lookout for ransomware!
Ransomware is a particularly malicious software program (a malware variant) that attacks your computer, locks all your valuable data, and prevents you from using the machine until you pay up.
Imagine you sit down one night to check email, and on your screen is a message demanding you pay $800 in Bitcoin (with instructions on how to do it), and despite your attempts at pushing keys on your keyboard, your computer won’t respond at all. Before the panic sets in, don’t pay, but do keep reading for some ways to unlock your computer and rid yourself of the nasty ransomware.
How Does Ransomware Encrypt Files
Ransomware is basically a virus of sorts. It falls within the malware category but can be more dangerous if your files are encrypted and locked. There are dozens of variations, and some developers of ransomware even sell it as a kit to would-be criminals, complete with instructions on how to snare victims and collect payment. In 2017, cybercriminals using ransomware cost Americans more than $5 billion.
Ransomware, like most viruses and malware, comes to you in the form of a phishing email. If you click a link within an email, you open yourself up to infection. Or you may get infected from visiting a fake website. Sometimes these programs come bundled with other legitimate software (freeware mostly) or are downloaded and installed as a trojan when you click the file.
Different Ransomware Types
There are a couple of types of ransomware. One may lock your computer screen with a message, but it doesn’t take control of or encrypt your files. This type is easier to remove, so you can take back control of your computer.
Another version is called “scareware,” where you see pop-ups claiming your computer is infected, and you have to download software and pay for clean-up. These messages may appear to be coming from your antivirus program, but they aren’t. Sometimes this will occur in your web browser.
Another version called Kovter locks your computer screen and displays a message that appears to be from several government agencies. It is not; it is ransomware.
The worst kind locks and encrypts all your files so you cannot use the computer until you either pay up or restore it from a backup. Locky is an example of this type of ransomware.
How to Remove Ransomware from Your Computer
Ransomware generally targets Windows computers, not Macs. So, if you have a Mac, your chances of being a victim are far less. If you have a Windows machine and your computer is locked, follow the steps below:
Determine whether or not your files have been encrypted and locked. Some ransomware changes the extensions so that the files cannot be used until decrypted.
- Unplug your computer from the internet (if connected by an Ethernet cable).
- Press CTRL+ALT+DEL to invoke the Task Manager and try to end the task that controls the message on the screen. This works in a lot of cases.
- If that does not work, hard reset the computer (hold the power key down until the machine shuts off).
- Reboot it in safe mode and run your antivirus program to find and remove the ransomware.
- Reboot normally to make sure it is gone and your files are okay.
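An added example, not part of the original article: a Python script for the "determine whether your files have been encrypted" step above. It checks whether common file types still begin with their well-known signature bytes and flags unfamiliar extensions whose content looks random; the function names, the `.locked` extension, the sample files and the 7.5 entropy threshold are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading bytes ("magic numbers") for a few common file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}

def entropy(data):
    """Shannon entropy in bits per byte: near 8.0 for encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path):
    """Label one file from its first 64 KiB; a hint, not proof of encryption."""
    with open(path, "rb") as fh:
        head = fh.read(64 * 1024)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:  # known type: the header must still match the extension
        return "ok" if head.startswith(MAGIC[ext]) else "header-mismatch"
    # Unfamiliar extension (possibly one added by ransomware) with random-looking
    # content. Compressed archives and video also score high here.
    if len(head) >= 1024 and entropy(head) > 7.5:
        return "high-entropy"
    return "unverified"

def triage(root):
    """Walk a folder tree and count files per label."""
    counts = Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            try:
                counts[classify(os.path.join(folder, name))] += 1
            except OSError:
                counts["unreadable"] += 1
    return dict(counts)

def demo():
    """Run the triage over constructed sample files in a temporary folder."""
    samples = {"report.pdf": b"%PDF-1.7\n" + b"constructed sample " * 50,
               "photo.jpg": b"\x00" + os.urandom(4095),          # header destroyed
               "notes.docx.locked": os.urandom(4096),            # constructed extension
               "todo.txt": b"buy milk\n" * 100}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

To check a real folder, call `triage()` on its path; many "header-mismatch" or "high-entropy" results point to encrypted files, while mostly "ok" results suggest a screen locker or hidden files instead.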
Encrypted Files/Locked Computer
- Disconnect your computer from the internet and all other devices (including hard drives and other computers).
- Use your phone or camera to take a picture of the ransom note; you will need it to file a police report.
- Reboot the computer in safe mode and run your antivirus software to find and delete the ransomware.
- If your files are still encrypted after you removed the ransomware, you can either restore from a backup or use a program to decrypt the files. You can try either Crypto Sheriff or ID Ransomware online tools. The cleanest way is to restore from a solid backup. Some files cannot be decrypted.
- If you do restore from a backup, first, factory reset your computer using the operating system to start with a clean slate.
In some cases, your files are simply hidden, not encrypted. In this case, go to File Explorer, click the “View” tab and then check “Hidden items.” If you see all your files, you simply need to navigate to C:\Users\ and right click each folder and deselect “hidden”, and then all your files will magically be restored.
Many strains of ransomware are deadly, and you cannot decrypt the files without paying the fee. This is why you always need a good backup solution in place to restore everything perfectly if anything happens to your computer.
How to Stay Safe from Ransomware
Ransomware is a nuisance for sure, but it can also be costly, and you can waste a lot of time trying to fix something that was preventable. Follow the steps below to avoid this computer catastrophe.
- Always keep your files backed up automatically. You can find some great backup software solutions to give you peace of mind here.
- Never click on links or download attachments in email.
- Do not visit websites that you are unfamiliar with and never download freeware or software that isn’t from a trusted developer.
- Keep your computer updated with the latest security patches and antivirus software. Run deep scans often.
- If you have good backups and can restore to factory settings, do not pay the ransom. If you have no choice, then pay it, but you risk the criminals not releasing your files and asking for more.