muhammadashar3
Guest
Ransomware infection can be pretty scary. If you see a note appear on your computer screen telling you that the computer is locked, or that your files are encrypted, don't panic. Instead, take a deep breath, sit down and consider your options.
Find out what kind of ransomware you have
First, you'll need to determine whether you've been hit by encrypting ransomware, screen-locking ransomware or something that's just pretending to be ransomware. See whether you can access files or folders, such as the items on the desktop or in the My Documents folder.
If you can't get past the ransom note you see on your screen, you're likely infected by screen-locking ransomware, which is not so bad. If you see a notice claiming to be from the police, the FBI or the IRS that says you've been caught looking at pornography or filing false taxes and must pay a "fine," that's usually screen-locking ransomware, too. There are a number of steps you can take to try to regain control of your Windows system and files before you need to decide whether you'll pay a ransom.
Should you pay the ransom?
Most security experts, as well as Microsoft itself, advise against paying any ransoms. There's no guarantee you'll get your files back if you pay, and paying just encourages more ransomware attacks. (Don't pay the ransom for screen-locking ransomware, because you can almost always get around it.)
However, when you need to recover legal, medical or business records, precious family photos or other important files, paying $300 or so looks like a viable option — and most ransomware criminals do unlock the files after ransoms have been paid. So we'd rather stay neutral on the subject of whether paying ransoms is advisable or morally acceptable.
How to deal with encrypting ransomware
Because encrypting ransomware is the most common and most harmful kind, we'll deal with that first. Perform each of these steps in order, even if you know you've recently backed up your files. Stop when you've succeeded in recovering your files.
1. Disconnect your machine from any others, and from any external drives. If you're on a network, go offline. You don't want the ransomware to spread to other devices on your local network or to file-syncing services such as Dropbox.
2. Use a smartphone or a camera to take a photograph of the ransom note presented on your screen. If you can take a screenshot, do so as well. You'll want to file a police report later, after you go through all these steps.
3. Use antivirus or anti-malware software to clean the ransomware from the machine, but only do so if you are determined not to pay the ransom. (Otherwise, wait until you've recovered your files.) You may have to reboot into Safe Mode by pressing the power button and the S key on the keyboard at the same time.
Removing the ransomware will not decrypt your files, and it may kill your chances of getting the files back by paying the ransom. But it will let you carry out all of the following steps without the risk that the ransomware will encrypt new files or try to thwart the recovery process.
4. See if you can recover deleted files. Many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals. Fortunately, you can often recover deleted files easily with tools such as the free DR Fone or the paid EaseUS Data Recovery.
5. Figure out exactly which strain of encrypting ransomware you're dealing with. If the ransomware doesn't announce its own name, then try the Crypto Sheriff online tool or the ID Ransomware online tool. Both let you upload encrypted files and then tell you whether the encryption can be reversed. (In many instances, it can't be.)
6. See if there are decryption tools available. If you already know the name of the ransomware strain, cruise over to the list of decryption tools at the No More Ransom website and see if there's a matching decryptor. (The top two entries on the list, Rakhni and Rannoh, can decrypt multiple strains.) The list is not alphabetical, and new decryptors are added to the bottom of the list.
You could also try the individual antivirus companies' decryptor pages for brand-new tools that haven't yet migrated to the aggregated pages:
1. Avast
2. AVG
7. Restore your files from a backup. If you regularly back up the affected machine, you should be able to restore the files from the backup.
However, you'll want to make sure the backup files weren't encrypted too. Plug a backup drive into another machine, or log in to one of the best cloud backup services, to check on the status of the files. (You should also make sure you have the installation media and/or license keys for all third-party applications.)
If all is good, you'll want to fully wipe the drive, do a clean installation of the operating system and then restore the files from the backup.
You could also just restore the files from the backup drive without wiping and reinstalling the OS. This might seem like less trouble, but it's not a good idea — you might leave some trace of the ransomware on the machine, even after performing a full antivirus scan.
If these methods don't work, you'll have to make a choice: pay the ransom, or give up the files.
8. If you're going to pay the ransom, negotiate first. Many ransomware notes have instructions on how to contact the criminals running the malware. If so, contact them and haggle for a lower ransom. It works more often than you'd think.
Once you agree on a set price, follow the instructions for paying. There's no guarantee that your files will actually be freed, but the more sophisticated ransomware criminals usually do live up to their word.
9. Give up on the files and reinstall the operating system. If you'd rather just cut bait, then you should do a full wipe and reinstallation of the operating system. Windows 10 lets you "factory reset" many devices, but with other operating systems, you'll have to use installation disks or USB sticks.
10. File a police report. This sounds pointless, but it's a necessary legal step if you want to file an insurance claim or a lawsuit related to your infection. It will also help authorities keep track of infection rates and spreads.
Conclusion
Simply put, ransomware is a type of malware that encrypts files found on a compromised system and then asks victims to pay a ransom to regain access to their own data.
The “ransom” money could be anywhere from a few dollars to hundreds of thousands of dollars.
Of course, there is never any guarantee that victims will recover access to their files even after they have paid. But, it makes sense to have the best ransomware protection solutions in place anyways.
We will have a look at all things ransomware in detail below, but if you just want to know which solutions offer the best defense, here is the list of the five best ransomware protection solutions:
Acronis Ransomware Protection: Free solution that can go toe-to-toe with the best of the ransomware floating around the Internet today. One of the best solutions for zero-day attacks.
Malwarebytes Anti-ransomware: Uses behavior analysis to uncover malicious intent; something no anti-virus can really accomplish.
Trend Micro RansomBuster: Use this ransomware protection tool to tackle the problem by simply storing data and files in a secure folder and blocking all unauthorized access to it.
Webroot SecureAnywhere: For users who want a precise tool that is both effective in fighting ransomware and goes easy on resource consumption. This tool is a perfect choice for individuals and small businesses.
Bitdefender Antivirus Plus: By far one of the best anti-ransomware solutions out there. This is a full-defense suite for those who take their safety seriously – not just against ransomware.
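For step 7's check that the backup files weren't encrypted too, here is an added example (not part of the original post): a read-only Python scan, run on the second machine, that flags files whose header no longer matches their extension or whose contents look like random data. The magic-byte table is partial, and the 7.5 bits-per-byte threshold and all function names are assumptions made for this illustration.

```python
import math, os, sys, tempfile
from collections import Counter

# Leading "magic" bytes of common document formats (partial list, extend as needed).
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".zip": b"PK\x03\x04",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold (encrypted data is close to 8.0)


def entropy(data):
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_file(path, sample=65536):
    """Classify one file as 'ok', 'bad-header' or 'high-entropy'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in MAGIC:
        # A known format whose header is gone was most likely overwritten.
        return "ok" if head.startswith(MAGIC[ext]) else "bad-header"
    # Unknown extension: compressed media also score high, so review by hand.
    return "high-entropy" if entropy(head) > ENTROPY_LIMIT else "ok"


def scan_backup(root):
    """Walk a backup folder (read-only); return {relative path: status} for suspects."""
    suspects = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            status = check_file(path)
            if status != "ok":
                suspects[os.path.relpath(path, root)] = status
    return suspects


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:  # constructed sample: one healthy PDF, one with its header overwritten
        root = tempfile.mkdtemp()
        with open(os.path.join(root, "good.pdf"), "wb") as f:
            f.write(b"%PDF-1.4\nsample text\n")
        with open(os.path.join(root, "bad.pdf"), "wb") as f:
            f.write(bytes(range(256)) * 16)
    for rel, status in sorted(scan_backup(root).items()):
        print(f"{status:12} {rel}")
```

Pass the backup folder as the first argument; an empty result means no file tripped either check, not proof that every file is intact.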