How do I get rid of ransomware?
Ransomware is a big problem and it’s getting bigger every day. The good news is that there are steps you can take to deal with it. This guide will answer the increasingly common question “how do I get rid of ransomware”.
Firstly, you need to identify what kind of ransomware it is.
There are three common forms of ransomware. These are scareware, lockware, and encryption ransomware. While they all work along broadly similar lines, they need very different treatment.
How to get rid of scareware
The good news about scareware is that it doesn’t actually do anything other than try to frighten you into thinking you have a problem you need to pay to resolve. Generally, you get a message saying that you’ve been infected by malware and need to contact a service for chargeable IT support to resolve the issue.
There are all kinds of reasons for ignoring this message, including the fact that handing over your phone number and bank details to cyber criminals is just asking for trouble. Instead, just install a reputable anti-malware program and follow its instructions.
How to get rid of lockware
Lockware is a bit more difficult since it actually does lock down your computer, but it’s still mostly scare tactics. Generally, you get a message saying that your computer has been identified with criminal activity and hence has been seized by some kind of law enforcement agency (the FBI is popular) and that you need to pay a penalty to get it back.
Again, ignore it. This time, boot into safe mode (safe mode with command prompt on Windows) and restore the system to a previous point in time. Then install a reputable anti-malware program and have it scan your computer just to be on the safe side.
How to get rid of encryption ransomware
Encryption ransomware encrypts some or all of your files and then demands a ransom for the key to decrypt them. Getting rid of the ransomware itself is usually easy enough. You just install a reputable anti-malware program and have it scan your computer. The problem is that this will not decrypt the files.
Regaining access to your files
When it comes to regaining access to your files, you basically have three options. Your best option by far is to restore from a data backup. Your worst option by far is to pay the ransom. If neither of these is possible, then you can try to find a tool to decrypt the files, but you should be prepared for the worst and you should consider yourself very lucky if your attempt is successful.
How to find an encryption ransomware decryption tool
Your first task is to figure out which specific kind of encryption ransomware was used in the attack. There are ransomware identifier tools online which can analyze the ransom note and the sample files which generally come with it (to show that the cyber attacker is serious). There is a good chance that one of these will be able to tell you what type of ransomware was used. Be aware, however, that if you’ve been very unlucky it will be a new form of ransomware and they will not be able to recognize it.
Once you have (hopefully) identified what form of ransomware it is, you can then cross your fingers while you look to see if there is a decryption tool available for it. Even if you find one, please keep in mind that, despite all the warnings, enough people pay the ransom to make it possible for ransomware to be continually updated. This means that decryption tools can become obsolete very quickly.
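To prepare for the identification step above, this added example (not part of the original guide) does a read-only scan of a folder and collects the evidence identifier tools analyze: the dominant extension on high-entropy (likely encrypted) files, one sample file per extension, and likely ransom notes. The function names, thresholds and the repeated-file-name heuristic for spotting notes are assumptions made for illustration.

```python
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root, sample_bytes=65536, min_bytes=4096, cutoff=7.5):
    """Read-only walk of `root`; thresholds are assumed defaults, not standards."""
    ext_counts = Counter()  # last extension of each high-entropy file
    samples = {}            # extension -> one example path to submit
    name_dirs = {}          # lower-cased file name -> folders containing it
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            name_dirs.setdefault(name.lower(), set()).add(dirpath)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_bytes)
            except OSError:
                continue  # locked or unreadable file: skip, never modify
            # Short files give unreliable entropy estimates, so skip them.
            if len(head) >= min_bytes and shannon_entropy(head) >= cutoff:
                ext = os.path.splitext(name)[1].lower()
                ext_counts[ext] += 1
                samples.setdefault(ext, path)
    # Heuristic (assumption): a ransom note is dropped under the same name
    # in many folders, so names seen in 3+ folders are note candidates.
    notes = sorted(n for n, d in name_dirs.items() if len(d) >= 3)
    # Caveat: .zip/.jpg/.mp4 are also high-entropy; an unfamiliar extension
    # dominating the tally is the signal, not high entropy alone.
    return {"extensions": ext_counts.most_common(5),
            "note_candidates": notes, "samples": samples}

if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it from a clean system against a copy of the affected data, then give the listed note and one sample file to the identifier tool.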
If you cannot find a ransomware decryption tool, then you have to decide for yourself whether or not you will pay the ransom. If you do, then do so with your eyes open. In other words, understand, firstly, that there is no guarantee that you will get the decryption key and, secondly, that you will be financing criminal activity, possibly terrorist activity. You will also, potentially, be setting yourself up for further attacks as the cyber criminals will have identified you as a soft target (i.e. one who will pay up).
How to protect against future ransomware attacks
Whatever you decide, you will presumably want to reduce the likelihood of further ransomware attacks and do your best to protect yourself if they do happen. This means firstly that you need to invest in a reputable anti-malware program with an integrated firewall and secondly that you need to ensure that all operating systems and apps are updated promptly. You then need to ensure that you are running a robust data backup system so you can restore easily if the worst does happen.