RECOVERING FROM NASTY RANSOMWARE
WHAT HAPPENS IF YOU RECEIVE A RANSOMWARE DEMAND?
First, identify its type — there are those that block access to your PC, and others that encrypt data, then demand a ransom to release it. The former usually tries to trick you by claiming to have found unlicensed software or other illegal material on your PC, while the latter is more upfront.
Make a note of the Bitcoin wallet address used for payment demands, plus the list of encrypted files — should the private keys used by the criminals ever come to light, this information may help you get your data back. Next, verify you have a recent backup that’s safe and uncompromised (check on another PC).
Finally, you need to clean your system. Try running scans with your anti-malware tools to see if they can remove the infection. If necessary, reboot into Safe mode — hold Shift as you press the power button and choose Restart, which should bring up the Advanced Boot Options menu. From here, select ‘Troubleshoot > Advanced options > Startup Settings’ and choose option 5.
If the scans don’t help, try a dedicated removal tool — search for ‘ransomware’, ‘removal’ and anti-malware vendors, including Trend Micro and Bitdefender. If you can identify the exact form of ransomware, you might find a specific removal tool.
These tools tend to focus on ransomware that blocks access to your PC. If your files are encrypted by ransomware, in most cases you have to rely on your backup to restore them (but do so only after verifying that the infection has been removed). We recommend that you visit noransom.kaspersky.com first, though — it has tools that can decrypt files from a wide range of data-scrambling ransomware infections.
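As an added example (not part of the original article), the Python sketch below supports two of the steps above: listing the files that look encrypted, and checking that a backup is uncompromised before restoring from it. It flags files whose first bytes do not match their type, or whose contents look random. The function names, the small MAGIC table and the 7.5 entropy threshold are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading bytes ("magic numbers") that intact files of these types start with.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"], ".pdf": [b"%PDF-"],
    ".zip": [b"PK\x03\x04"], ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"],
}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample_size=65536):
    """Return 'ok', 'bad-header' or 'high-entropy' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        return "ok" if any(head.startswith(m) for m in MAGIC[ext]) else "bad-header"
    # Unknown extension (possibly one appended by the ransomware): fall back to
    # entropy. Threshold 7.5 is an assumption; compressed files also score high.
    return "high-entropy" if len(head) >= 1024 and entropy(head) > 7.5 else "ok"

def scan(root):
    """Walk root and return sorted (relative_path, verdict) for suspect files."""
    suspects = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                verdict = classify(full)
            except OSError:
                verdict = "unreadable"
            if verdict != "ok":
                suspects.append((os.path.relpath(full, root), verdict))
    return sorted(suspects)

if __name__ == "__main__":
    import sys
    for rel, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{rel}")
```

Run against the affected drive, the output is a file list to keep alongside the wallet address; run against the backup on a clean PC, any flagged file is a reason to inspect that backup before restoring from it.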