How to remove ransomware from a PC
Ransomware can be anything from a mild inconvenience to a major catastrophe. Ideally, you’d avoid getting it in the first place. If, however, you do, you need to know what to do. With that in mind, here is a quick guide on how to remove ransomware from a PC.
Your starting point is working out what kind of ransomware it is
The defining characteristic of ransomware is that it tries to make the victim pay money to solve a problem it has created. Different forms of ransomware, however, take different approaches to achieve this.
This is a common pest on personal computers. A standard scareware attack will display a scary (hence the name) message on the screen claiming that there is some kind of problem with the computer. Rather ironically, the current favorite is that it has been infected by malware, which is, technically, true. It will also provide instructions to fix the problem, which will involve some kind of payment.
The reason scareware tends to be limited to personal computers is that it generally works on the basis of quantity rather than quality. In other words, it’s about throwing spaghetti against the wall and seeing what sticks. Most businesses have proper anti-malware programs in place which quickly pick up on this kind of ransomware. All consumers need to do is install one, have it scan their computer, and follow its instructions.
This is essentially a twist on scareware, but it’s a bit more complicated because it genuinely does lock down your PC. The standard tactic is to claim that your computer has been linked to criminal activity and has been deactivated by a law enforcement agency (usually the FBI). The victim is then given instructions about how to pay a sanction to have their PC reactivated.
As with scareware, lockware tends to be restricted to personal computers because business users will generally have better protection, and often a better knowledge of how law enforcement agencies actually work. They will also generally know how to boot into safe mode with command prompt and restore to an earlier point in time, which is the way to deal with this version of ransomware.
Once you’ve done that, as before install a reputable anti-malware program and have it scan your PC, just to be on the safe side.
Encryption ransomware is very different from the two previous forms of ransomware. It is generally targeted at business users. Many times this is because they didn’t implement sufficient protection (or keep it up-to-date). Sometimes this is because the form is so new that cybersecurity defenses are unable to recognize it.
As its name suggests, encryption ransomware encrypts some or all of the files on your network. This means that the extent of the pain it causes depends largely on how good a job you have done of backing up your data. The reason for this is that although removing encryption ransomware itself is very easy – but it does not decrypt the files.
If you do not have a data backup, then your only hope is that there is a decryption tool available online. You first need to find a ransomware identifier that can analyze the inevitable ransom note and the sample files which are usually sent with it (to show that the cyber attacker means what they say). Once you know exactly what type of encryption ransomware was used in the attack, you can see if there is a decryption tool available for it.
Even if you find one, hold off the celebrations until you see how well it performs. Encryption ransomware is big business and the people behind it can afford to keep their software regularly updated to stay ahead of security tools.
Preventing ransomware from attacking your PC
Knowing how to remove ransomware from your PC can be very useful, but it’s better to know how to stop it from getting onto your PC in the first place. There are two keys to achieving this. Firstly, you need a reputable anti-malware program and secondly, you need to make sure that your operating system and any locally-installed apps are kept regularly updated.
To be clear, Windows Defender is a pretty decent offering, but these days it is highly risky to rely on it as your sole means of protection. It is much better to supplement it with a robust anti-malware program with an integrated firewall from a dedicated cybersecurity company.
Make sure you have a data backup
While you obviously want to avoid getting ransomware on your PC in the first place, it’s reassuring to know that you have a Plan B if you ever do.
Please click here now to start your free 30-day trial of Xcitium AEP.
Endpoint Detection and Response
Protect A Computer From Ransomware
IT Inventory Management Software