A ransomware infection can be quite scary. If a notice appears on your computer screen telling you that the computer is locked, or that your documents are encrypted, do not panic. Instead, take a deep breath, sit down, and think about your options.
There are several steps you can take to try to regain control of your Windows system and files before you have to decide whether you will pay a ransom.
Find out what kind of ransomware you have
First, you will want to determine whether you have been hit by encrypting ransomware, screen-locking ransomware, or something that is just pretending to be ransomware. See whether you can access files or folders, such as the items on the desktop or in the My Documents folder.
If you cannot get past the ransom note on your display, you are probably infected by screen-locking ransomware, which isn't so bad. If you see a note claiming to be from law enforcement, the FBI or the IRS that says you have been caught looking at porn or filing false taxes and have to pay a "fine," that is usually screen-locking ransomware, too.
If you are able to browse through directories or programs but you cannot open your usual office documents, movies, photographs, or emails, then you have encrypting ransomware, which is much worse.
If you can both navigate the system and read most files, then you are probably seeing a fake that is just trying to scare you into paying. You may dismiss the ransom note. Try closing your internet browser. If you cannot, press the Control, Shift and Esc keys at the same time to start Task Manager, select the Application tab, right-click on the browser program and select End Task.
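The "can I still read my files?" check described above can also be done without opening each document. The following is an added example, not part of the original article: it reads only the first bytes of each file and compares them with the well-known signature for the file's extension. The signature table is a small subset, and the sample file names and the ".locked" extension are constructed for the demonstration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of a few common document formats.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
}

def check_file(path):
    """Return 'ok', 'mismatch' or 'unknown' for one file (read-only)."""
    ext = os.path.splitext(path)[1].lower()
    signatures = MAGIC.get(ext)
    if signatures is None:
        return "unknown"  # unfamiliar or changed extension: inspect by hand
    try:
        with open(path, "rb") as fh:
            head = fh.read(16)
    except OSError:
        return "unknown"  # locked or unreadable file
    return "ok" if any(head.startswith(s) for s in signatures) else "mismatch"

def triage(folder):
    """Walk a folder and count how many files still look intact."""
    counts = {"ok": 0, "mismatch": 0, "unknown": 0}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            counts[check_file(os.path.join(root, name))] += 1
    return counts

def build_sample(folder):
    """Constructed sample: two intact files, one overwritten, one renamed."""
    samples = {
        "report.pdf": b"%PDF-1.7\n",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
        "budget.xlsx": bytes(range(200, 232)),       # header is not 'PK..'
        "notes.docx.locked": bytes(range(100, 132)),  # constructed extension
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Many "mismatch" or "unknown" results in a documents folder are consistent with encrypting ransomware; mostly "ok" results point to a screen locker or a fake.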
Should you pay the ransom?
Most security experts, in addition to Microsoft itself, counsel against paying any ransoms. There's no guarantee you will get your files back if you pay, and paying only encourages more ransomware attacks. (Do not pay the ransom for screen-locking ransomware, since you can almost always get around it.)
But when you need to recover medical, legal or business documents, valuable family photos or other critical files, paying $300 or so can look like a viable option, and most ransomware criminals do unlock the documents after ransoms are paid. So we would rather remain neutral on the question of whether paying ransoms is advisable or morally acceptable.
How to deal with encrypting ransomware
Because encrypting ransomware is the most common and most harmful kind, we will deal with it first. Perform all these steps in sequence, even if you know you have recently backed up your files. Stop when you have succeeded in recovering your files.
1. Disconnect your machine from any others, and from any external drives. If you are on a network, go offline. You don't want the ransomware to spread to other devices on the local network or to file-syncing services like Dropbox.
2. Use a smartphone or a camera to take a photograph of the ransom note shown on your display. If you are able to take a screenshot, do this also. You will want to file a police report later, after you go through all these steps.
3. Use antivirus or anti-malware software to clean the ransomware off the machine, but only do this if you're determined not to pay the ransom. (Otherwise, wait until you have recovered your documents.) You might need to reboot into Safe Mode by pressing the power button and the S key on the keyboard at the same time.
Removing the ransomware won't decrypt your files, and it might kill your odds of getting the files back by paying the ransom. But it will let you carry out each of the next steps without the danger that the ransomware will encrypt new files or attempt to thwart the recovery procedure.
4. See if you're able to recover deleted files. Many kinds of encrypting ransomware copy your files, encrypt the copies, and then delete the originals. Fortunately, you can often recover deleted files easily with tools like the free ShadowExplorer or the paid Data Recovery Download.
5. Figure out exactly which strain of encrypting ransomware you are dealing with. If the ransomware does not announce its name, then try the Crypto Sheriff online tool or the ID Ransomware online tool. Both let you upload encrypted files and tell you if the encryption can be reversed. (In many cases, it cannot be.)
6. See whether there are decryption tools available. If you already know the name of the ransomware strain, head over to the list of decryption tools on the No More Ransom site and see if there's a matching decryptor.