So, you’ve turned on your laptop to get some work done, only to be met with a scary message in blinking red text – hackers are holding your data for ransom, and they want several hundred dollars to release it.
Don’t panic. You can probably get your data back without paying the ransom, and you’ll definitely be able to restore your device to working condition. Follow these steps to recover your data and remove the ransomware from your device.
Contain the Infection
Firstly, you don’t want the ransomware to spread to your other devices, external hard drives, or cloud storage. So immediately disconnect your device from the network and from any other devices it might be connected to. Then take a screenshot of the ransom message, if you can, or a picture of it with your smartphone – you’ll need this evidence when you report the crime to the police.
Make Sure It’s Really Ransomware
There are three kinds of malware used in ransomware attacks, but only two of them are actually ransomware. The third kind of malware, called scareware, displays a ransom message on your screen but doesn’t actually lock your screen or encrypt your files. See if you can get past the screen message and try to open some files, emails, or photos. If you can get past the ransom message and open files, you’re dealing with scareware.
As far as true ransomware goes, there are two kinds: screen locking and encrypting. Encrypting is the worst kind – it will encrypt your files and you may not be able to get them back without paying for the key that unlocks the ransomware. If you can get past the screen lock and open apps or directories, but can’t open files, photos, or email, you have encrypting ransomware, and you’ll need to take extra steps to restore your data after you’ve performed the ransomware removal procedure. If you can’t get past the screen lock at all, you have screen locking ransomware, which is a little easier to cope with than encrypting ransomware.
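If you can get past the ransom screen, the "can I still open my files?" check can be done in bulk. The script below is an added example, not part of the original article: it only reads files, and it flags those whose known file type no longer starts with its usual signature and whose contents look random. The signature table, the 7.0 entropy threshold, and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes ("magic numbers") of a few common file types.
# Assumption: a small illustrative table, not a complete one.
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path, sample_size: int = 65536) -> bool:
    """True if a known file type lost its signature and looks random."""
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        return False  # unknown extension: the header tells us nothing
    with open(path, "rb") as fh:  # read-only, never modifies the file
        data = fh.read(sample_size)
    if data.startswith(magic):
        return False  # signature intact, file is probably fine
    # Compressed formats are high-entropy too, so entropy alone is not
    # enough; it only counts once the signature is already missing.
    return entropy(data) > 7.0  # assumed threshold

def triage(folder: Path) -> dict:
    """Count checkable files under folder and list the suspect ones."""
    checked = [p for p in folder.rglob("*")
               if p.is_file() and p.suffix.lower() in MAGIC]
    suspect = sorted(p.name for p in checked if looks_encrypted(p))
    return {"checked": len(checked), "suspect": suspect}

def demo() -> dict:
    """Run triage on two constructed sample files in a temp folder."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.pdf").write_bytes(b"%PDF-1.7\n" + b"text " * 200)
        # Random bytes stand in for an encrypted photo (constructed data).
        (root / "photo.png").write_bytes(os.urandom(4096))
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

An empty "suspect" list alongside files that open normally points to scareware. Files that have been renamed with an unfamiliar extension are skipped by this check, and that renaming is itself a sign of encrypting ransomware.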
Take Steps to Clean Your Machine
If you have screen locking ransomware or scareware, reboot your system in Safe Mode and try a system restore. Then install and run an antivirus program that includes ransomware removal. This should be all you have to do to get rid of the malware.
If you’ve been infected with encrypting ransomware, you’re going to need to both clean your machine and try to get your files back. The fastest way to restore your files might be to pay the ransom, though you run the risk of paying and still not getting back access to your data. If you decide to pay the ransom, don’t attempt to clean your machine until you get your files back. If you decide not to pay and to try to get your files back yourself, bear in mind that once you’ve run a ransomware removal program, it will be too late to recover your files by paying the ransom. Use antivirus software that features ransomware removal to clean your system.
Try to Get Your Files Back
You may still be able to get your encrypted files back after you’ve cleaned your system. Often, ransomware programs actually copy your files, delete the originals, and then encrypt the copies. So you may be able to use a tool like ShadowExplorer to recover those deleted originals.
If you can’t do that, you can probably find a free tool that will allow you to decrypt the files yourself. Use a tool like ID Ransomware to figure out the name of the ransomware you’re infected with, then go to No More Ransom to find the right decryption tool to restore your files. If you need help getting your files back (or getting the ransomware off your machine, for that matter), you can take it to any qualified computer repair technician for help.
Report the Crime
If you’re able to get your data back and don’t need to file an insurance claim relating to it, then you may be reluctant to file a police report about the crime. However, filing a police report when you’re targeted by cybercriminals helps authorities gain an accurate picture of how often these types of crimes are committed and how they’re impacting victims. And if you do need to file an insurance claim for your lost data, you’re going to need a police report to document the crime.
No one wants to see their device and data held for ransom by cybercriminals, but the good news is that you can usually recover from a ransomware attack without paying the ransom. All you need to do is remove the malware from your machine and restore your encrypted files, and your machine will be as good as new.