So, you or someone you know got hit by ransomware. Your files have been encrypted, or your screen has been locked, and you have no desire to fork out on getting the access back.
We wrote this article to help you to return the access to your files. Here you will find some ransomware removal tools, tips, and tricks. Read till the end to not only find out how to remove ransomware but to learn what you must do to prevent it in the future.
How to Remove Ransomware Depending on the Type
To proceed to ransomware recovery steps, you need first to find out what type of ransomware you have. In case you already know it, just skip this part and jump on the quick call and move directly to the how-to-remove-ransomware part.
It’s clear from the heading that there are two types of ransomware: blockers and cryptors. They operate differently and require different methods to get rid of them. While some of them can be removed within a few hours, others can take days; in some cases, they can’t be removed at all.
Read our article and find out how ransomware works.
Let’s distinguish which type of ransomware you have and guide your next steps according to that.
1. Screen Locker Ransomware (Blockers)
Screen Locker ransomware is a virus that blocks access to your computer, browser, or keyword, and demands money in exchange for this access. It usually pretends to be from some law enforcement that locked your device due to some law violation.
Usually, it accuses a user of watching pornography or some illegally downloaded material. They threaten to arrest you unless you pay a ransom within a certain time. You can’t use your device until you pay the ransom or remove the malware.
The example of Locker Ransomware
If it blocks your PC, it makes it unusable – you can’t use the mouse, screen, or keyboard. Only restricted number functions are available – those that let you pay the ransom.
Locker ransomware affects Windows users and often (but not always) leaves the underlying system unharmed. This is why this type of ransomware is considered a medium-risk type.
How to remove Screen Locker ransomware
There are a lot of the removal tools depending on the particular ransomware strain. We recommend using the Kaspersky free removal tool in case your antivirus program can’t detect or delete a screen locker. It suits for Windows users.
All the following instructions on how to unlock your device and remove the malware you can find here.
2. Crypto Ransomware
Crypto ransomware is the most dangerous type. It encrypts files on your computer, mobile, server, or cloud to extort money for decryption. The files are the hostages in this situation, which are under the threat of being deleted unless you pay a ransom in time.
The example of Crypto Ransomware
When your device gets infected, and your files are encrypted, you will see a message with the demand and instructions. The payment is always in Bitcoin or another digital cryptocurrency that is hard/impossible to track.
New ransomware forms can even seep into your backup and encrypt it, leaving you with no options rather than to pay. This is why this type of ransomware is considered as a high-risk type.
Read how the 10 most notorious ransomware examples work and spread.
How to remove Crypto Ransomware
The steps you need to take to remove this type of ransomware depend on whether or not you backed up files before encryption. Also, there are new types of ransomware that can seep into your backup and encrypt it, making it useless.
Ransomware removal with backup
Before you begin to remove files, you have to make sure the malware itself is neutralized. Otherwise, it will keep encrypting files.
The procedure is the same as with previous types of ransomware. You need to find a program that removes your type of ransomware, download it, scan your computer, and delete the malware.
You can try one of those free tools to scan your computer and delete malware:
When you are sure that malware is deleted, you can start the document recovery process. If you have a backup, you only need to press a few buttons; the time of the restoration usually depends on the amount of data and the internet connection.
Ransomware removal without backup
If you don’t have a backup, the process will take more time.
Step 1. Identify the type of ransomware that has encrypted your files. These tools can help with that:
- Crypto Sheriff from NoMoreRansomware. Just download the infected file and type the email, bitcoin, or website address you see in the ransomware message. They check it for the matches in their database and come up with an answer.
- ID Ransomware. This tool works pretty much the same as the previous one. But here, if they won’t find matches in the system, they transfer your request to their analytics.
Step 2. Remove the malware from the device, following all the steps we described earlier with Scareware and Locker ransomware.
Step 3. Find a ransomware decryptor. There are several decrypting keys available for free for certain types of ransomware. Now, when you know your type, you need to look for the key that decrypts your files. Here are the ransomware decrypt tools that have a list of keys you can choose from:
- NoMoreRansomware decryption tools. The list of ransomware types that have a key is put in alphabetical order.
- HowToRemoveGuide. Scroll a bit down to see the number of keys available with a short instruction.
You can also type the name of your ransomware + “decrypt” directly in the search.
Step 4. Decrypt your files with a key. This step is possible only in case you found your key. Don’t count on a quick result; decryption usually takes time.
How to remove crypto-ransomware without a key?
If you didn’t find a key, you have two options:
- Put your data “on hold” and wait for the security experts to find a solution for your ransomware type. There is a high possibility that if you contact security specialists on the mentioned earlier sites, they will take your case to work.
- Pay the ransom. If the encrypted data is vital for you, you may consider paying the ransom. We don’t advise you to do that unless you are desperate to get your data back. Let’s consider how to do that in the most appropriate way.
Paying the ransom: tips and tricks
Alongside with other cybersecurity experts, we don’t support this idea for many reasons. But since we don’t live in a utopia, sometimes you are left with no other options but paying to get your data back.
If you don’t have a backup and ransomware removal tools don’t work for your type of ransomware, and your data is very valuable for you, it’s time to start negotiating the price.
Not many people are aware of that, but there is always a chance to pay less than the demanded price. To do that, you should contact criminals via the contacts they left (usually an email address) and negotiate the ransom price.
We recommend you to do that for a few reasons:
- In many cases, hackers agree to drop the price, because getting at least something is better than getting nothing at all. The result – you get your data cheaper.
- There is always a chance that criminals won’t send you a key, or that key won’t work. If you negotiate a lower price, at least you will lose less money.
- Criminals tend to demand more money when they see your willingness to pay the initial price. By negotiating, you show that it won’t work with you.
Note: this technique may work for individuals or small businesses. But for enterprise companies or organizations in the public sector like government or healthcare, the stakes are much higher, so cybercriminals are not inclined to knock off the price.
How to Protect Your Data From Ransomware in 2020
You’ve probably heard that having a backup is a key part of your data loss strategy. Unfortunately, this is not an all-covering solution anymore in terms of ransomware threats. Newest ransomware strains like Dharma or Ruyk are programmed to spread across your data with any means possible.
Unless you are keeping your backup copy offline fully detached from the primary data, it is in danger of getting infected via lots of secondary ways.
Given the new tendencies, using only one method is insufficient. To get closer to maximal security you must include a whole arsenal of methods in your data protection strategy.
What you can do to protect from ransomware:
1) Back up your data as frequently as possible. That determines how much data you can potentially lose during a ransomware attack. If you back up data every day, it means you can lose 1 day’s worth of data.
2) Use automated ransomware protection services. This is a new type of protection that was rolled out as a response to the automation trend in a cybersecurity field. It detects a ransomware attack in progress and stops it before it can damage your primary data and backup.
4) Implement a two-step authentication policy. It is a proven fact that passwords are the weakest point in the organization’s defense mechanism.
5) Keep your OS and software updated. Always.
6) Use antivirus/antimalware software and firewalls. Even though antiviruses are not 100% effective against new ransomware types, it protects you from different kinds of malware that can be a nursery for the older ransomware strains.
7) Create a blacklist of potentially malicious and fake apps and add-ons. It is the new channel cybercriminals use to deliver ransomware and steal your data. The number of data breaches via apps will keep growing dramatically in 2020, so you better prepare yourself and use automatic apps audit services for G Suite Marketplace and Google Apps.
In case you don’t have the time and resources to deal with every threat vector separately, you can try for free our all-in-one data protection platform SpinOne. It monitors, secure, and back up your G Suite and O365 data, improve compliance, and reduce IT costs.
7,273 total views, 3 views today