Infected by Ransomware? What should you do now?
Far more frightening than a simple virus, a ransomware attack can be devastating to your digital life. One minute you are surfing along, the next minute your files are locked and inaccessible.
If you think ransomware has invaded your computer, you first need to determine if the infection is real or just a scam. If you see a pop-up screen warning you that your computer is infected, that you owe money to the police or an organisation and they are coming to arrest you, then you should take a picture of the screen and then try to close it. If the pop-up closes and you can close your browser and work normally, you are probably looking at a simple scam.
If you think the ransomware infection is just a scam, run a full virus and malware scan to make sure your system is clean. Once you confirm your machine is clear of infection, you can go back to your regular online activities.
If the screen appears to be locked, or if you cannot open and navigate through your files, the ransomware infection is probably all too real. At this point, you will need to decide if you are going to pay the ransom and hope to get your files back or ignore the ransom demand and restore them on your own.
Having a backup copy of your data puts you in a much stronger position, so hopefully you have copies of your files stored in the cloud or a backup device. If you do not have a backup and plan to pay the ransom, you must keep in mind that there are no guarantees. You are working with a criminal, after all, so do not get your hopes up or assume they will return your files once the money changes hands.
If you plan to go it alone, there are several things you should do first. The first thing you should do is disconnect your computer from the internet and any external hard drives, thumb drives, and other backup devices. If these connected devices have not been compromised, you can protect them from damage by disconnecting them promptly.
If you can still access your computer, try running your anti-virus and anti-malware software right away. If you find any infections, use the software to quarantine and remove the problematic files. Keep in mind that if your system is already infected, running the scan could damage the impacted files, so take this step only if you have already decided to use your backups.
If you cannot access your anti-virus or anti-malware software, you may need to boot your computer into Safe Mode. Once the machine is in Safe Mode, try to rerun the software and complete the quarantine and cleansing process.
Once the anti-virus and anti-malware scans are complete, you can try to recover your encrypted files. Some forms of ransomware make copies of your files, encrypt the copies and trash the originals, so you may be able to recover those deleted files. There are a number of file recovery programs on the market, both free and paid, so that is a good place to start.
If this simple recovery attempt does not work, your anti-virus manufacturer may still be able to help. Some software providers, including industry giants like AVG, Avast, McAfee and Trend Micro, have developed decryption tools capable of reversing the damage from many ransomware attacks.
Hopefully, these decryption tools will be able to recover the files held for ransom, so you can restore them and get on with your life. If that fails, it is time to grab your backups and do a restore on your own. Before you attempt to do so, however, you will want to make sure your backups are not also encrypted.
To make sure the backups are unencrypted, plug your backup device into another computer or ask an expert to check them for you. If the backups are good, you can just copy them back to your computer. If they are also compromised, you may need to have a professional try to recover them.
Being the victim of a ransomware attack is never fun, but if you have been diligently backing up your files, it may not be the end of the world. In fact, that frightening ransomware attack may be little more than a scam. Even if the infection is real, there are things you can do to recover your files without giving your hard-earned money to a criminal. At the very least, that ransomware warning screen should be a wake-up call to start backing up your files every day.