How to remove ransomware
Ransomware can generally be removed quite easily. You do, however, need to know what approach to use for what particular form of ransomware. You also need to know what steps to take to minimize the damage a ransomware attack can cause. With that in mind, here is a quick guide on how to remove ransomware.
Start by identifying the type of ransomware used in the attack
Currently, there are three main forms of ransomware. These are scareware, lockware, and encryption ransomware. As a rule of thumb, if you see a message referencing anything other than encrypted files, it’s either scareware or lockware.
If you see a message referencing encrypted files, it is probably encryption ransomware. However, it may still be worth trying the strategies for removing scareware and lockware, in case it is simply one of those forms disguised as encryption ransomware.
Scareware, as its name suggests, does absolutely nothing to the host device. It simply displays a message which is designed to frighten people who don’t really understand technology. The idea is to convince them that they need to pay the cyberattacker to deal with some kind of problem that doesn’t actually exist. All they actually have to do is ignore the message and install a reputable anti-malware scanner. Have it scan the device and follow whatever instructions it gives.
Lockware is basically scareware with the twist that it actually does lock your computer so that you can’t use it. Lockware can also look a bit more visually impressive than scareware. For example, the Reveton lockware attack used localized versions of the ransomware. This made it possible to display logos suggesting that it was being deployed by a law-enforcement agency people in that area would recognize. It also displayed the victim’s IP address to reinforce the idea that they were under surveillance.
Actually, removing lockware is only slightly more complicated than removing scareware. Boot into safe mode and see if you can install an anti-malware product. If so, have it scan your device and follow its instructions. If not, recover to a previous point in time, then install an anti-malware product and have it scan your device.
Removing encryption ransomware
Encryption ransomware really does create a problem. It encrypts your files (or some of them) and then demands payment for the key to decrypt them. Removing the virus itself is generally very straightforward. Usually, you can just install an anti-malware product and have it scan your computer. The problem is that removing the ransomware does not reverse the encryption of the files. In other words, you still need the decryption key – unless you have a backup.
Protecting your data against encryption ransomware
There are two important rules to follow if you want to keep your data safe from the impact of encryption ransomware. Firstly, all sensitive data must be kept encrypted. Secondly, you must have an off-site data backup as well as a local one.
The reason for encrypting your data is to prevent the issue of ransomware being compounded by the issue of data theft. Data theft is bad enough if it “just” relates to confidential company data. If, however, it relates to any sort of personally identifiable data, including data belonging to your own employees, then you may well find that you wind up in trouble with law enforcement for failing to implement adequate data-security precautions.
The reason for keeping an off-site data backup is that local data backups are very vulnerable to compromise if your production system comes under attack. This is particularly true if you automatically back up to local storage as the encrypted files will be identified as having changed and will, therefore, be copied into the backup system, overwriting any healthy files which were already there.
Ideally, you should not only have a second data backup location, which is entirely separate from your production system, but you should also keep data backups from various time points, in case there is a delay before you pick up on the attack. You can reduce the cost of keeping these extra data backups by moving them into slower storage.
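The two backup points above, as an added example that is not part of the original article: a mirror-style local backup faithfully copies the encrypted files over the healthy ones, whereas dated snapshots that are never overwritten keep a recoverable copy, older snapshots can be tiered off to cheaper storage, and a simple entropy check flags files whose contents suddenly look encrypted. The directory names, snapshot labels and sample file contents are constructed for the demo; random bytes stand in for the ciphertext a real attack would leave behind.

```python
"""Mirror backup versus dated snapshots under a ransomware-style overwrite.
All paths, labels and file contents below are constructed for the demo."""
from __future__ import annotations

import math
import os
import shutil
import tempfile
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Text sits around 4-5; encrypted output is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def mirror_backup(src: Path, dst: Path) -> None:
    """Overwrite-in-place copy of every changed file: the behaviour of a plain
    local sync job, which copies encrypted files straight over healthy ones."""
    for f in src.rglob("*"):
        if f.is_file():
            target = dst / f.relative_to(src)
            target.parent.mkdir(parents=True, exist_ok=True)
            if not target.exists() or target.read_bytes() != f.read_bytes():
                shutil.copy2(f, target)


def snapshot_backup(src: Path, dst: Path, label: str, entropy_limit: float = 7.5) -> list[str]:
    """Copy the tree into its own dated snapshot directory (never overwriting an
    earlier snapshot) and return the files whose contents look encrypted."""
    suspicious = []
    for f in src.rglob("*"):
        if f.is_file():
            data = f.read_bytes()
            rel = f.relative_to(src)
            if shannon_entropy(data) > entropy_limit:
                suspicious.append(str(rel))
            target = dst / label / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    return suspicious


def restore_snapshot(dst: Path, label: str, target: Path) -> None:
    """Put a known-good snapshot back over the production tree."""
    shutil.copytree(dst / label, target, dirs_exist_ok=True)


def tier_old_snapshots(dst: Path, archive: Path, keep: int) -> list[str]:
    """Move all but the newest `keep` snapshots to an archive location (a stand-in
    for slower, cheaper storage) and return the labels that were moved."""
    labels = sorted(p.name for p in dst.iterdir() if p.is_dir())
    archive.mkdir(parents=True, exist_ok=True)
    moved = labels[:-keep] if keep else labels
    for label in moved:
        shutil.move(str(dst / label), str(archive / label))
    return moved


def demo() -> dict:
    """Three days in the life of one file; returns what each backup strategy kept."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        prod, mirror, snaps, archive = (root / n for n in ("prod", "mirror", "snapshots", "archive"))
        prod.mkdir()
        healthy = b"Quarterly figures: revenue 1200, costs 900, margin 25%.\n" * 120
        (prod / "report.txt").write_bytes(healthy)

        # Days 1 and 2: the data is healthy and both backup jobs run.
        mirror_backup(prod, mirror)
        snapshot_backup(prod, snaps, "2024-01-01")
        mirror_backup(prod, mirror)
        snapshot_backup(prod, snaps, "2024-01-02")

        # Day 3: ransomware has rewritten the file. Random bytes stand in for
        # the ciphertext; both jobs see a "changed file" and copy it.
        (prod / "report.txt").write_bytes(os.urandom(len(healthy)))
        mirror_backup(prod, mirror)
        flagged = snapshot_backup(prod, snaps, "2024-01-03")

        # Keep two snapshots on fast storage and tier the rest away.
        moved = tier_old_snapshots(snaps, archive, keep=2)

        # Recover without a decryption key: restore the last healthy snapshot.
        restore_snapshot(snaps, "2024-01-02", prod)
        return {
            "mirror_kept_healthy_copy": (mirror / "report.txt").read_bytes() == healthy,
            "flagged_on_day3": flagged,
            "tiered_to_archive": moved,
            "restored_prod_healthy": (prod / "report.txt").read_bytes() == healthy,
            "archived_copy_healthy": (archive / "2024-01-01" / "report.txt").read_bytes() == healthy,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The entropy check is only a heuristic: legitimately compressed or already-encrypted files also score near 8 bits per byte, so in practice it is better used to alert on a sudden jump in the number of high-entropy files than to block individual copies. The snapshot layout is what makes recovery possible; the check just shortens the delay before someone notices.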
Keeping ransomware out of your systems
It’s useful to know how to remove ransomware, but it’s even more useful to stop it from getting into your systems in the first place. This means that it makes sense to invest in a reputable anti-malware program with an integrated firewall. You don’t want to rely on the default security software bundled with most operating systems. You do, however, need to ensure that your operating systems are promptly updated when security patches are released. You also need to update any locally installed applications you still use.
Please click here now to start your free 30-day trial of Xcitium AEP.