Ransomware attacks are on the rise, with numbers hitting record highs in 2021. While the big money still lies in holding institutions and government entities for ransom, there are still plenty of less ambitious criminals who are willing to try for a small payout from an individual who is panicking about losing work files, sensitive information, access to email, and family photos. You need to know what to do if you’re targeted.
The first rule of thumb, according to most cybersecurity experts, is to not pay the ransom. Most ransomware attacks targeting individuals set the ransom no higher than a few hundred dollars, because they know most individuals don’t have a lot of money lying around and because they’re counting on you panicking and paying the ransom without thinking, which you’re more likely to do if it’s a smaller amount.
But there’s no way to know for sure that you’ll actually get your data back if you pay the ransom, and in any case, do you really want to part with several hundred dollars if there’s another alternative? In most cases, you can get back your files and restore access to your device without needing to pay the ransom. Read on to learn more.
Make Sure It’s Not Just Scareware
Before you panic and start buying Bitcoin to pay off the ransom, you should check to make sure you haven’t just picked up some scareware. Scareware is malicious software that acts like ransomware by displaying a scary ransom message on your device screen. However, that’s where the similarities end. If you have scareware, you can get past the screen message and open your files, photos, and emails. You can safely ignore the scareware ransom note, and use any malware removal program to clean your machine.
Figure Out Whether It’s Just a Screen Lock or Actual File Encryption
Ransomware comes in two flavors: screen-locking and encrypting. Screen-locking ransomware does just that – it locks your screen, but leaves your files and data alone. That makes it easier to deal with than encrypting ransomware, which actually encrypts your files, photos, and email so that you have to either pay the ransom and get the decryption key that releases your data, or go through the process of cleaning your device and restoring your files yourself.
How can you tell the difference between the two? If it’s screen-locking ransomware, you won’t be able to get past the locked screen with the ransom note. If it’s encrypting ransomware, you’ll be able to get past the ransom note, but you won’t be able to open photos, emails, or files on your system. Regardless of which one you have, you’re going to need to preserve evidence that you were victimized, so take a picture or screenshot of the ransom note before you move on.
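One way to check whether files were really encrypted without opening them one by one, shown as an added example that is not part of the original article: a read-only Python script that compares each file's first bytes with what its type should start with, and falls back to an entropy heuristic for unfamiliar extensions. The `.locked` extension, the 7.5 threshold and the sample files are constructed assumptions.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# File types whose intact contents start with well-known "magic" bytes.
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    n = len(data) or 1
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path) -> str:
    """Read-only check of one file: 'intact', 'suspect' or 'unknown'."""
    with open(path, "rb") as f:          # never opened for writing
        head = f.read(65536)
    ext = Path(path).suffix.lower()
    if ext in MAGIC:
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    # Unknown extension: entropy heuristic (compressed/media files also score high).
    if len(head) >= 1024 and entropy(head) > 7.5:
        return "suspect"
    return "unknown"

def triage(root) -> Counter:
    """Walk a folder and tally the classification of every file in it."""
    tally = Counter()
    for p in Path(root).rglob("*"):
        try:
            if p.is_file():
                tally[classify(p)] += 1
        except OSError:
            tally["unreadable"] += 1
    return tally

def demo() -> Counter:
    """Constructed sample: two intact files, two that look encrypted."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"photo.png": MAGIC[".png"] + b"\x00" * 64,
               "report.pdf": b"%PDF-1.7\n" + b"text " * 50,
               "taxes.pdf": noise,                 # right name, wrong contents
               "photo.jpg.locked": noise}          # hypothetical extension
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            Path(d, name).write_bytes(body)
        return triage(d)
```

Calling `triage()` on a documents folder returns the tally; a folder that is mostly "intact" behind a ransom note points to scareware or a screen locker rather than file encryption.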
Clean Your Machine
If you have screen-locking ransomware, it’s pretty easy to recover your system. Disconnect your device from the network and from any other devices it’s connected to, including external hard drives. This prevents the malware from spreading. Then reboot your system in Safe Mode and run an antivirus with ransomware removal. If that doesn’t work, try a system restore.
If you have encrypting ransomware, use an antivirus with ransomware removal to clean your system. This will not decrypt your files – that’s an extra step. It will also remove the option to recover your files by paying the ransom, since you need to have the ransomware on your system for that.
Restore Your Data
In many cases, you can restore your encrypted data using a tool like ShadowExplorer. Usually, ransomware doesn’t encrypt your original files. Instead, it makes copies of them, encrypts the copies, and deletes the originals, so you may be able to recover those originals using such a tool.
However, if you can’t get back deleted original files, you’ll need to decrypt the files on your system. To do that, you’ll need to know what kind of ransomware your system is infected with. Use a tool like ID Ransomware or Crypto Sheriff to identify the malware. Then you can find a free decryption tool for it at No More Ransom.
Of course, if you had your important files backed up and the backups didn’t also get infected, you won’t need to bother with any of this. In that case, it may be easiest to restart in Safe Mode and perform a system restore.
Call the Police
If you’ve been targeted by ransomware, you’ve been the victim of a crime, and you should file a police report. Doing so helps the police keep track of cybercrime, even if it may not result in an arrest. If you’re going to end up filing an insurance claim or going to court, you’ll need the police report as evidence that you were targeted.
Realizing you’ve been infected with ransomware can be scary, but try to stay calm. Your files and photos may not be lost, and you probably don’t have to pay the ransom. With the right tools, you can get your data back and keep your money in your pocket.