How to remove ransomware from Windows 10
Updated on October 21, 2022, by Xcitium

How do you remove ransomware from Windows 10?
To remove ransomware from Windows 10, disconnect the infected device, boot into Safe Mode, run advanced anti-malware tools, and restore files from backups or decryption tools. Acting quickly helps prevent the ransomware from spreading and causing further damage.
Windows 10 is Microsoft’s most secure operating system yet and is regularly updated. It is, however, far from immune to ransomware. With that in mind, here is a quick guide on how to remove ransomware from Windows 10.
What should you do first after ransomware on Windows 10?
- Disconnect from Wi-Fi and unplug Ethernet
- Remove external drives and cloud sync access
- Disable shared folders and network connections
- Do not log into other systems from the infected device
➡ Isolation stops ransomware from spreading across systems.
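The isolation checklist above can be carried out from an elevated PowerShell prompt when the device cannot simply be unplugged. This is an added example, not part of the original article; the log path is an assumption, and with the adapters disabled cloud sync clients lose access as well.

```powershell
#Requires -RunAsAdministrator
# Added example: cut a Windows 10 host off from the network and record what was changed.
$log = Join-Path $env:SystemDrive 'isolation-log.txt'   # assumed log path
"Isolation started $(Get-Date -Format o)" | Out-File $log -Append

# 1. Disable every adapter that is up (Wi-Fi, Ethernet, VPN and virtual adapters).
$up = @(Get-NetAdapter | Where-Object Status -eq 'Up')
$up | Format-Table Name, InterfaceDescription, MacAddress | Out-File $log -Append
if ($up) { $up | Disable-NetAdapter -Confirm:$false }

# 2. Drop mapped drives and other SMB connections to remote machines.
$maps = @(Get-SmbMapping)
$maps | Format-Table LocalPath, RemotePath | Out-File $log -Append
if ($maps) { $maps | Remove-SmbMapping -Force }

# 3. Stop sharing folders from this host: record the shares, then stop the
#    Server service and keep it from starting again on reboot.
Get-SmbShare -Special $false | Format-Table Name, Path | Out-File $log -Append
Set-Service -Name LanmanServer -StartupType Disabled
Stop-Service -Name LanmanServer -Force

# 4. List removable volumes still attached so they can be physically unplugged.
Get-Volume | Where-Object DriveType -eq 'Removable' |
    Format-Table DriveLetter, FileSystemLabel, Size | Out-File $log -Append

# To reverse after cleanup: Enable-NetAdapter -Name <name>;
# Set-Service LanmanServer -StartupType Automatic; Start-Service LanmanServer
Get-Content $log
```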
Step-by-Step: Remove Ransomware from Windows 10
Step 1: Boot into Safe Mode
Restart Windows 10 in Safe Mode to prevent ransomware from running.
➡ Safe Mode loads only essential processes, making malware easier to detect and remove.
Step 2: Run anti-malware scan
Use advanced endpoint protection tools to:
- Scan the system
- Detect ransomware files
- Remove malicious components
Step 3: Identify the ransomware strain
Use tools like ransomware identifiers to check if a decryption tool exists.
Step 4: Remove ransomware completely
- Delete infected files
- Clean registry entries
- Ensure no hidden processes remain
Step 5: Reinstall Windows 10 (if required)
For severe infections:
- Boot from clean recovery media
- Wipe the system
- Reinstall Windows
➡ This ensures complete removal of hidden malware.
Step 6: Recover your files
- Restore from backups (best option)
- Use decryption tools (limited success)
➡ Removal stops the attack but does not guarantee file recovery.
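For Step 4, a read-only pass over the usual autostart locations shows what would still launch at the next boot or logon once the scan has finished. This is an added example, not part of the original article; the "user-writable path" pattern is an assumed triage heuristic that only marks entries for a closer look, and it is a first pass rather than a complete persistence audit.

```powershell
# Added example (read-only): list autostart entries to review after the anti-malware scan.
$userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'   # assumed heuristic
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

$sh = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets
$entries = @()

# 1. Registry Run/RunOnce values (the "registry entries" of Step 4).
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = $key; Name = $name
                                       Command = [string]$k.GetValue($name) }
    }
}

# 2. Startup folders for the current user and for all users.
$startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
           "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
foreach ($dir in $startup) {
    foreach ($f in (Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue)) {
        if ($f.Name -eq 'desktop.ini') { continue }
        $target = if ($f.Extension -eq '.lnk') { $sh.CreateShortcut($f.FullName).TargetPath }
                  else { $f.FullName }
        $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $target }
    }
}

# 3. Scheduled tasks registered outside the \Microsoft\ task folder.
foreach ($t in (Get-ScheduledTask | Where-Object TaskPath -notlike '\Microsoft\*')) {
    foreach ($a in ($t.Actions | Where-Object { $_.Execute })) {
        $entries += [pscustomobject]@{ Source = "Task $($t.TaskPath)"; Name = $t.TaskName
                                       Command = "$($a.Execute) $($a.Arguments)" }
    }
}

# Mark entries that launch from user-writable locations and show them first.
$entries | Select-Object *, @{ Name = 'Review'; Expression = { $_.Command -match $userWritable } } |
    Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```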
Ransomware Removal Options for Windows 10
| Method | Purpose | Effectiveness |
|---|---|---|
| Anti-Malware Scan | Remove ransomware files | High |
| Safe Mode | Disable malicious processes | Medium |
| System Restore | Revert to safe state | Medium |
| OS Reinstall | Remove deep infections | Very High |
| Backup Recovery | Restore encrypted data | Best recovery option |
Work out what kind of ransomware it is
Ransomware comes in three main forms: scareware, lockware, and encryption ransomware. The first two are most prevalent in the consumer world and are fairly easy to remove. Encryption ransomware is more prevalent in the business world and is a much nastier threat.
Scareware
Scareware, as its name suggests, is a straightforward intimidation ploy. It puts frightening messages on the screen to try to trick the victim into calling for help, for which they have to pay. Just have a decent anti-malware program run a scan on the infected device and follow its instructions.
Lockware
Lockware is a bit more of a pain as it blocks access to the computer itself. Boot into Safe Mode with Command Prompt, restore the system to a previous point in time, and then install a decent anti-malware program and have it scan the device just in case.
Dealing with encrypted files
The best way to deal with encrypted files is to delete them and restore them from a backup. If, however, it’s too late for that then you need to identify what kind of ransomware it is and cross your fingers that there is a decryption tool available for it.
There are online ransomware identifiers that can analyze the ransom note and the sample files which generally come with it and determine which form of ransomware was most likely to have been used in the attack. They may also be able to tell you if there is a decryption tool available for it.
If not, or if they say there isn’t, then there is nothing to stop you looking online and hoping you get lucky. Even if you find a decryption tool, however, it’s advisable to wait and see if it works before you start celebrating. The sad fact is that ransomware is lucrative enough for its creators to be able and willing to put the effort into keeping it regularly updated so that it stays ahead of security tools.
Keeping ransomware off a Windows 10 PC
Ideally, you should not be asking yourself how to remove ransomware from a Windows 10 PC. You should be asking yourself how to stop it from getting on your Windows 10 PC in the first place. The answer to that is to use a robust anti-malware program with an integrated firewall and to make sure that all Windows 10 updates are applied promptly.
To be clear, using Windows Defender on its own is risky. It may be fine for light users, but if you’re using the internet regularly, have sensitive data on your computer or use your computer for any form of work, then it’s strongly recommended to boost Windows Defender with an anti-malware program from a company which actually specializes in anti-malware products.
The good news is that if you want a product for personal use, there’s a good chance you can get one for absolutely free. Businesses will generally need to look at paid products but even then you can get some excellent products at prices even SMBs can afford.
The importance of Windows 10 updates
Although there’s a lot that can be said in favor of Windows in general and Windows 10 in particular, Microsoft has yet to find a way to ensure that its update process is always both hassle-free and risk-free. Windows 10 in particular is notorious for the June 2018 update which left many PCs dead in the water and needing a fresh installation of their operating system.
While this might be the most infamous example of Microsoft getting it wrong with its Windows 10 updates, there are plenty more to quote. For example, the May 2020 update has been called out for causing all kinds of (admittedly fairly minor) problems at a time when many people need their computers to work from home.
It is therefore entirely understandable that people may wish to hold off installing Windows 10 updates until they’ve had feedback on what they can expect from them. Just make sure that you limit this “waiting period” to a few days, a week at most. Leaving it for too long can open the door to ransomware attacks.
Important: Should You Pay the Ransom?
Avoid paying ransomware attackers
- No guarantee of data recovery
- Encourages further cybercrime
- May expose your system to future attacks
Advanced Removal (Enterprise Advantage)
Additional steps for organizations
- Disable compromised accounts
- Reset credentials across systems
- Monitor network activity for threats
- Block malicious IP addresses
- Use endpoint detection & response (EDR)
Prevent Ransomware on Windows 10
Best practices
- Keep Windows updated
- Enable automatic backups (offline + cloud)
- Use endpoint protection tools
- Avoid suspicious downloads and email attachments
- Apply least-privilege access



