RE­COV­ER­ING FROM NASTY RAN­SOMWARE

WHAT HAP­PENS IF YOU RE­CEIVE A RAN­SOMWARE DE­MAND?

TechLife Australia - - SUPER GUIDE -

First, iden­tify its type — there are those that block ac­cess to your PC, and oth­ers that en­crypt data, then de­mand a ran­som to re­lease it. The for­mer usu­ally tries to trick you by claim­ing to have found un­li­censed soft­ware or other il­le­gal ma­te­rial on your PC, while the lat­ter is more up­front.

Make a note of the Bit­coin wal­let ad­dress used for pay­ment de­mands, plus the file-list of en­crypted data — should the pri­vate keys used by the crim­i­nals ever come to light, it may give you back your data. Next, ver­ify you have a re­cent backup that’s safe and un­com­pro­mised (check on another PC).

Fi­nally, you need to clean your sys­tem. Try run­ning scans with your anti-mal­ware tools to see if they can re­move the in­fec­tion. If nec­es­sary, re­boot into Safe mode — hold Shift as you press the power button and choose Restart, which should bring up the Ad­vanced Boot Op­tions menu. From here, se­lect ‘Trou­bleshoot > Ad­vanced op­tions > Startup Set­tings’ and choose op­tion 5.

If the scans don’t help, try a ded­i­cated re­moval tool — search for ‘ran­somware’, ‘re­moval’ and anti-mal­ware ven­dors, in­clud­ing Trend Mi­cro and Bitdefender. If you can iden­tify the ex­act form of ran­somware, you might find a spe­cific re­moval tool.

These tools tend to fo­cus on ran­somware that blocks ac­cess to your PC. If your files are en­crypted by ran­somware, in most cases you have to rely on your backup to re­store them (but do so only af­ter ver­i­fy­ing that the in­fec­tion has been re­moved). We rec­om­mend that you visit no­ran­som.

kaspersky.com first, though — it has tools that can de­crypt files from a wide range of data-scram­bling ran­somware in­fec­tions.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.