The typical malware infects your computer and operates without being noticed, but a new malware called ransomware isn’t shy to show itself. Ransomware programs essentially hold your computer captive, and you must pay a ransom to regain control. Many victims have caved in and sent considerable money to these criminals, but you don’t have to be pressured into doing the same thing yourself. Here’s how you can prevent and recover from ransomware threats.
Types and Characteristics of Ransomware
The least destructive ransomware that you can encounter is the scareware. Once it infects your computer, it frequently displays a fake security alert claiming that your computer has been infected with an overwhelming number of viruses and issues. It then offers to clean your infected computer – for a fee, of course. At its worst, the scareware only annoys you with its incessant security alert and still allows you to use your computer.
Some more aggressive types of ransomware, however, hinders your access to your computer altogether. In lieu of dismissible, fake security alerts, they put full-screen messages that block other applications and cannot be minimized easily.
The worst type is the encrypting ransomware, which makes scareware and lock-screen scams puerile in comparison. As the name clearly states, this malicious software encrypts your files and render them unusable without the decryption key.
To appear seemingly valid and trustworthy, a typical ransomware claims to be affiliated with legitimate authorities like the FBI and the French law enforcement agency National Gendarmerie. It then manipulates you into thinking that you somehow violated certain laws or that your computer is being used for illicit activities. It forces you to do something, which is typically sending money to the hackers, before it gives back your access to your computer and files. To add a false sense of urgency, the ransomware may impose a deadline to comply with their demands or else you lose your files forever.
How to Remove Ransomware
It may be tempting to yield to the demands of the ransomware, but there’s no assurance that you’ll get back complete control of your computer and files after paying. If you did pay a fortune (and got nothing in return), contact your bank and local authorities to stop the transaction. Report fraud and other Internet crime to your government’s anti-fraud website (e.g., OnGuardOnline.gov in the US and ActionFraud in the UK).
Several legitimate tools are available online that can remove ransomware. For Windows computers, the Microsoft Safety Scanner and Windows Defender Offline are recommended choices. Third-party removal tools, such as malware scanners from Malwarebytes and BitDefender, can also eliminate the threat.
You won’t probably be able to download these removal tools using the infected computer, what with the browser or the computer itself completely disabled by the ransomware. Instead, use another clean computer to download the removal tools and install them in a USB flash drive. Steps to using removal tools may vary, but the basic steps usually involve booting the infected computer in Safe Mode, inserting the USB flash drive and running the removal tool.
How to Recover Files Taken Hostage by Ransomware
By following the steps in the previous section, you should now have control over your computer.
It’s now time to recover your files. If you’re lucky, the files have only been hidden from view by the ransomware. All it takes to see them again is by toggling the Show hidden files, fodders, and drives setting in Folder Options. When you find your files, right-click each one of them, select Properties, uncheck the Hidden attribute checkbox in the Properties window and click OK. You can also perform this step to folders to simultaneously unhide all files inside them.
If you encountered a nastier type of ransomware that had encrypted your files, you need to obtain the decryption key. Once again, it may be tempting to pay up to the hackers who handle the ransomware and retrieve the key, but these hackers aren’t obliged to deliver their promises. You may end up with less money and still without access to your files.
All hope is not lost, though, because many security firms have developed tools capable of retrieving files from encrypted data made by ransomware. For instance, a Cisco tool can recover files from computers affected by TeslaCrypt. Researchers from FireEye and Fox-IT created decryptor for files affected by CryptoLocker. Encryptions made by the CoinVault can be undone using a repair tool by Kaspersky. None of these tools offer sure-fire retrieval of your files, but they’re better than nothing.
How to Protect Yourself Against Ransomware
File-encryption ransomware is only going to spread over time, giving you more reason to equip your computer with up-to-date protection. Use an antivirus with effective real-time protection, download and install security updates for all your software, don’t visit suspicious websites and avoid opening unknown files and email attachments.
Backing up your files to the cloud or to another drive can’t be stressed enough. As mentioned above, file recovery from a ransomware attack is not guaranteed, but you can at least minimize the damage caused by restoring from your backup.