So, you or someone you know got hit by ransomware. Your files have been encrypted, or your screen has been locked, and you have no desire to fork out on getting the access back. It’s understandable.
How to get rid of ransomware then?
As a data protection company, we help companies and individuals restore their data corrupted by ransomware every day. But getting your data back without removing the source means you can get your files encrypted again.
We wrote this article to help you both return access to your files and get rid of the malware that has caused the encryption. Here you will find some ransomware removal tools, tips, and tricks. Read till the end to not only find out how to remove a ransomware virus but also to learn what you must do to prevent it in the future.
How to Remove Ransomware Depending on the Type
To proceed to the ransomware removal steps, you first need to find out what type of ransomware you have. If you already know it, skip this part and move directly to the how-to-remove-ransomware part.
It’s clear from the heading that there are two types of ransomware: blockers and cryptors. They operate differently and require different methods to get rid of them. While some of them can be removed within a few hours, others can take days; in some cases, they can’t be removed at all.
Let’s distinguish which type of ransomware you have and guide your next steps according to that.
Screen Locker Ransomware (Blockers)
Screen Locker ransomware is a virus that blocks access to your computer, browser, or keyboard and demands money in exchange for this access. It usually pretends to be from a law enforcement agency that locked your device due to some law violation.
Usually, it accuses a user of watching pornography or some illegally downloaded material. They threaten to arrest you unless you pay a ransom within a certain time. You can’t use your device until you pay the ransom or remove the malware.
The example of Locker Ransomware
If it blocks your PC, it makes it unusable – you can’t use the mouse, screen, or keyboard. Only a restricted number of functions are available – those that let you pay the ransom.
Locker ransomware affects Windows users and often (but not always) leaves the underlying system unharmed. This is why this type of ransomware is considered a medium-risk type.
How to remove Screen Locker ransomware
There are a lot of removal tools, depending on the particular ransomware strain. We recommend using the Kaspersky free removal tool in case your antivirus program can’t detect or delete a screen locker. It suits Windows users.
You can find all further instructions on how to unlock your device and remove the malware here.
Crypto Ransomware (Encryptors)
Crypto ransomware is the most dangerous type. It encrypts files on your computer, mobile, server, or cloud to extort money for decryption. The files are the hostages in this situation, which are under the threat of being deleted unless you pay a ransom in time.
The example of Crypto Ransomware
When your device gets infected and your files are encrypted, you will see a message with the demand and instructions. The payment is always in Bitcoin or another digital cryptocurrency that is hard/impossible to track.
New ransomware forms can even seep into your backup and encrypt it, leaving you with no option other than to pay. This is why this type of ransomware is considered a high-risk type.
How to remove Crypto Ransomware
The steps you need to take to remove this type of ransomware depend on whether or not you backed up files before encryption. Also, there are new types of ransomware that can seep into your backup and encrypt it, making it useless.
Ransomware removal with backup
Before you begin to restore files, you have to make sure the malware itself is neutralized. Otherwise, it will keep encrypting files.
The procedure is the same as with previous types of ransomware. You need to find a program that removes your type of ransomware, download it, scan your computer, and delete the malware.
You can try one of those free tools to scan your computer and delete malware:
When you are sure that malware is deleted, you can start the document recovery process. If you have a backup, you only need to press a few buttons; the time of the restoration usually depends on the amount of data and the internet connection.
Ransomware removal without backup
If you don’t have a backup, the process will take more time.
Step 1. Identify the type of ransomware that has encrypted your files. These tools will help with that:
1. Crypto Sheriff from NoMoreRansomware. Just download the infected file and type the email, bitcoin, or website address you see in the ransomware message. They will check it for the matches in their database and come up with an answer.
2. ID Ransomware. This tool works pretty much the same as the previous one. But here, if they don’t find matches in the system, they will transfer your request to their analysts.
Step 2. Remove the malware from the device, following all the steps we described earlier with Scareware and Locker ransomware.
Step 3. Find a ransomware decryptor. There are several decrypting keys available for free for certain types of ransomware. Now that you know your type, you need to look for the key that decrypts your files. Here are the ransomware decrypt tools that have a list of keys you can choose from:
1. NoMoreRansomware decryption tools. The list of ransomware types that have a key is put in alphabetical order.
2. HowToRemoveGuide. Scroll a bit down to see the number of keys available with a short instruction.
You can also type the name of your ransomware + “decrypt” directly in the search.
Step 4. Decrypt your files with a key. This step is possible only in case you found your key. Don’t count on a quick result; decryption usually takes time.
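For Step 1, the identification services ask for the email, bitcoin, or website address shown in the ransom message. The sketch below is an added example (not code from this article or from those services) that pulls those three indicators out of a saved ransom note and rejects mistyped legacy Bitcoin addresses with a Base58Check test; the note text, function names, and the .onion host are constructed for illustration, and the wallet is the publicly known Bitcoin genesis-block address.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy only, no bc1...
URL_RE = re.compile(r"(?:https?://\S+|\b[a-z2-7]{16,56}\.onion\b\S*)")

# Constructed sample note; the second wallet has one character changed on purpose.
NOTE = """YOUR FILES ARE ENCRYPTED!
Send 0.5 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
then write to unlock-help@example.com with your ID 7F3A-TEST.
Payment page: http://exampleexampleex.onion/pay
Wrong wallet (typo): 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
"""

def valid_legacy_btc(addr):
    """Base58Check: 1 version byte + 20 hash bytes + 4 checksum bytes."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return raw[0] in (0x00, 0x05) and digest[:4] == checksum

def extract_indicators(note):
    """Return the values worth submitting to an identification service."""
    candidates = set(BTC_RE.findall(note))
    wallets = sorted(a for a in candidates if valid_legacy_btc(a))
    return {
        "emails": sorted(set(EMAIL_RE.findall(note))),
        "wallets": wallets,
        # Kept separately so a copy/OCR error in the note can be re-checked.
        "rejected_wallets": sorted(candidates - set(wallets)),
        "websites": sorted({u.rstrip(".,;)") for u in URL_RE.findall(note)}),
    }

if __name__ == "__main__":
    for kind, values in extract_indicators(NOTE).items():
        print(f"{kind}: {values}")
```

Run it on a copy of the note from a clean machine; an address that lands in `rejected_wallets` usually means the note was mistyped or garbled during copying.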
If you didn’t find a key, you have two options:
- Put your data “on hold” and wait for the security experts to find a solution for your ransomware type. There is a high possibility that if you contact security specialists on the sites mentioned earlier, they will take on your case.
- Pay the ransom. If the encrypted data is vital for you, you may consider paying the ransom. We don’t advise you to do that unless you are desperate to get your data back. Let’s consider how to do that in the most proper way.
Paying the Ransom: Tips and Tricks
Alongside other cybersecurity experts, we don’t support this idea for many reasons. And yet, sometimes you are pressed against the wall: to pay, or to lose data forever and pay X times more.
Let’s face it: most companies simply aren’t prepared to survive a ransomware attack. They have neither regular backups nor ransomware protection measures in place. This is why ransomware attacks put around 60% of small-to-medium companies out of business within six months after the attack.
If you don’t have a backup and can’t afford to experience the downtime or the value of the encrypted files is very high, you may consider paying to get them back.
If after weighing all pros and cons you’ve decided to take a risk and pay the ransom, here are the things to keep in mind:
1. You need to make sure hackers actually can decrypt your files.
It is often the case that cybercriminals claim to have the decryption key when, in reality, they don’t. In this case, you can get ripped off and still have your data inaccessible.
To check if the cybercriminals really can decrypt your files, demand that they decrypt a small portion of the data – a few documents, for example. If they refuse, this is an outright sign they are unable to decrypt your data and they’re just lying. Don’t fall for this bait.
2. Don’t be afraid to negotiate the price.
Not many people are aware of that, but there is always a chance to pay less than the demanded price. To do that, you should contact criminals via the contacts they left (usually an email address) and negotiate the ransom price.
We recommend doing that for a few reasons:
1. In many cases, hackers agree to drop the price because getting at least something is better than getting nothing at all. The result – you get your data cheaper.
2. There is always a chance that criminals won’t send you a key, or that key won’t work. If you negotiate a lower price, at least you will lose less money.
3. Criminals tend to demand more money when they see your willingness to pay the initial price. By negotiating, you show that it won’t work with you.
Note: this technique may work for individuals or small businesses. But for enterprise companies or organizations in the public sector like government or healthcare, the stakes are much higher, so cybercriminals are not inclined to knock off the price.
How to Protect Your Data From Ransomware in 2020
You’ve probably heard that having a backup is a key part of your data loss strategy. Unfortunately, this is not an all-covering solution anymore in terms of ransomware threats. The newest ransomware strains like Dharma or Ryuk are programmed to spread across your data by any means possible.
Unless you are keeping your backup copy offline fully detached from the primary data, or using backup solutions with inbuilt ransomware protection, it is in danger of getting infected via many secondary ways.
Given the new tendencies, using only one method is insufficient. To get closer to maximal security, you must include a whole arsenal of methods in your data protection strategy.
What you can do to protect from ransomware:
- Back up your data as frequently as possible. That determines how much data you can potentially lose during a ransomware attack. If you back up data every day, it means you can lose one day’s worth of data.
- Use automated ransomware protection services. This is a new type of protection that was rolled out as a response to the automation trend in the cybersecurity field. It detects a ransomware attack in progress and stops it before it can damage your primary data and backup.
- Educate yourself and the end-users. Read how you get ransomware in the first place and how to protect against ransomware, whether you are an individual or an organization.
- Implement a two-step authentication policy. It is a proven fact that passwords are the weakest point in the organization’s defense mechanism.
- Keep your OS and software updated. Always.
- Make the use of antivirus/antimalware software an obligatory part of your organization’s cybersecurity policy.
If you don’t have the time and resources to deal with every threat vector separately, you can try our all-in-one data protection platform SpinOne for free. It monitors, secures, and backs up your G Suite and O365 data, improves compliance, and reduces IT costs.