Removing Ransomware: What it is and how to get rid of it
Ransomware is a type of malware that seeks to extort money from victims. The malicious code may lock up computers and mobile devices, encrypt (or claim to have encrypted) files, or pose as law enforcement levying a fine for illegal activities.
You can protect against ransomware by using good anti-malware utilities, avoiding suspicious downloads and backing up your system so you can restore it easily. Having done all this, however, there’s still a chance you could fall victim to a ransomware attack. Backups and an effective system restore strategy will not be sufficient if your system remains infected – the problem will only reoccur. Worse still, some types of ransomware are designed to spread to other users via emails and files from an infected machine. For this reason, it’s important to make sure that your system is completely free of ransomware.
The first thing to remember is that you must never pay the ransom. It’s highly unlikely that the attacker will really be willing to help, or that you’ll recover any encrypted files or unlock a locked device. In many cases, your files have not even been encrypted and unlocking your device may simply be a matter of removing the malware. All paying the ransom will do is lose you money and encourage the attacker to continue spreading ransomware.
If you’ve failed to back your files up and they really are encrypted, recovery may still be possible. You can find free decryption tools online which may work in some cases, such as VG’s ransomware decryption tools or Trend Micro’s removal tool for lock screen ransomware. An IT or security specialist may be able to help if you can’t decrypt the files yourself.
To get rid of the infection, you’ll need to run anti-malware utilities. Your usual anti-virus software may not be powerful enough to deal with this type of infection. You can download more effective tools from the internet; many ransomware-specific tools are available, or you could try a general anti-malware tool such as SpyBot Search and Destroy or MalwareBytes Anti-Malware. It can be difficult to run anti-malware utilities if your computer is locked, however. In this case, you could try booting your device in Safe Mode or creating a bootable CD or USB. This may allow you to run your anti-malware utilities successfully.
It’s a good idea to run additional tests even when the ransomware seems to have gone. If you fall victim to a ransomware attack, it’s a symptom of a flaw in your security which you’ll need to address. Make sure that all of your software is patched and up-to-date, and that all your passwords are secure.