What to do if Ransomware attacks your computer?
Ransomware the file encrypter has already infected thousands of computers across the globe. In May 2017, Ransomware had infected 100,000 organizations in 150 countries. That happened three days after Ransomware was first released. Alarming isn’t it?
What’s scary about Ransomware attack is it guarantees data loss. Once it holds the file or computer hostage, it demands a ransom ranging from $200 and up in exchange of the decryption key. The files will never be restored until the ransom is paid.
To have a better understanding of Ransomware. Let’s discuss it briefly.
Ransomware is a type of malware that is designed to encrypt files and lock the computer. It is installed through social engineering techniques such as phishing links and emails. Once installed, it loads in the computer memory and deletes itself.
That doesn’t mean that Ransomware is no longer in the computer. It is still there, it does that to remain invisible in Task Manager so that it can access the hard drive files without being exposed. When the user opens the file, surprised! The access is denied!
So what to do if Ransomware hits your computer?
So you have found out that Ransomware has infected your files, what to do next? Stay calm. Panicking will never solve the problem anyway. The file has been encrypted and the computer has been locked. You need to have a sound mind to get the problem fixed.
Try to figure out how you get Ransomware in your computer. Do you remember any suspicious email or attachment you have downloaded recently that may have contained the virus? This will help spread awareness.
Disconnect and Disable
To stop ransomware from infecting the other devices within the network, disconnect the infected computer. Ransomware can spread within the network too.
Once disconnected, you can disable it in the computer to prevent it from encrypting other files.
Go to MSCONFIG, click on start up. Look for any suspicious file with an unknown publisher. Uncheck it, click apply then OK.
This stops Ransomware activities in the computer.
Decide whether to delete or not Ransomware
NOTE: If you decide to restore the files by paying the ransom, never delete the virus
because you may lose the encryption key. Although FBI advises not to pay the hackers because the getting the encryption is never guaranteed.
If you have backed up your files, you may proceed with Ransomware Deletion.
Enter Safe Mode by pressing F8 before Windows loads when you restart the computer. Go to TEMP folder and delete the files in there.
Ransomware, Trojan, Spyware, Adware, and other types of malware usually hide in the TEMP folder. Once the files are deleted, run an anti malware software to scan the computer. Once it’s finished scanning, it’ll display the threat detected on the computer. Delete them and exit.
You can now restart Windows normally. That should have deleted Ransomware from the computer.
If you don’t have backups for your files, you may try some decryption tools available online. They can help restore your files without paying the ransom. In some cases, the decryption key doesn’t work, but it’s worth giving it a try.
There’s a saying that goes “prevention is better than cure.” That is true! The best way to avoid the hassle of decrypting your files or paying the ransom is to prevent Ransomware from entering the computer.
How to do that?
Be cautious when you access the Internet. We have mentioned that Ransomware is installed through some forms of social engineering. It is an art of deception. It tricks the users into installing malware willingly by presenting it in a positive way.
One example of this is a phishing email that contains a message saying that there’s a funny photo of you, click here to view the image. If you are unaware that this a form of social engineering, you will install malware the moment you download the attachment.
Another example is a phishing link that redirects the user to a fake website that contains malware. Many are unaware that the website they are logging in on is fake. To check if the link is safe, you may use a website inspector. This scans the URL to check its reputation.
One of the best ways to protect your computer from Ransomware and other types of malware is install an advanced anti malware software. The anti malware combats malware and secures the computer all the time. So you never have to worry about Ransomware attacking your computer.
Kevin Jones832 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.