Ransomware is a type of malware that is delivered through your computer system through infected email attachments, drive-by-downloads, socially engineered malware, malvertising, or unknowingly via hacked websites. Once on your system, ransomware gets to work and starts encrypting and locking down your files.
It then makes a demand to you, usually via a pop-up on your computer screen asking you to deliver a ransom in currency or by BitCoins, in exchange for a key that will unlock your inaccessible files, folders, and data.
If you do not pay the Ransomware cyber-criminals within the stipulated time, they will threaten to post your data publicly or increase the ransom payment amount. They may even threaten to erase all data and render your business computers inoperable or render the machine unbootable by overwriting the Master Boot Record
In case you find that your computer has been locked by ransomware, you should take the following steps:
1] If your computer is part of a network, remove the infected system from the network
2] If you wish, you can create a copy of your disk or the impacted files for analysis later on., which may be needed for decryption of files.
3] If you have healthy system restore point, see if you can go back and see if that works for you.
4] If you have recent backups of your data, even better. Format and clean reinstall Windows and restore your backed up data to make a fresh start.
5] See if you can use the Shadow Volume Copy Service feature to recover older versions of the files. Freeware ShadowExplorer may make things easier.
6] Boot into Safe Mode and run your antivirus software deep-scan and hope that it is able to disinfect your computer. Chances are it won’t, but no harm in trying.
7] Next, identify the Ransomware which has infected your computer. For this, you may use a free online service called ID Ransomware.
8] If you are able to identify the ransomware, check if a ransomware decrypt tool is available for your type of ransomware. Then take the help of one of these ransomware decryptor tools which are presently available.
9] If the Ransomware totally blocked access to your computer or even restricted access to select important functions, use Kaspersky WindowsUnlocker as it can clean up a ransomware infected Registry, and gives you access back.
10] Maybe you want to take the help of CryptoSearch, a free tool that identifies Ransomware-encrypted files & then transfers them to a new location for safe–keeping.
11] While it is easy to recommend not paying the cyber-criminals if your data is critical and you have no choice but to have access to it back, paying the ransom is the only option you have. Many have done this, unfortunately – although they do not like to acknowledge this publicly. But this is the hard fact of life. So you or your organization will have to take a call on this. In any case, you may want to also alert the cyber law enforcement authorities in your country.
12] Finally, remember to report your ransomware case to your local cyber crime cell, police authorities or the FBI. This link will tell you where you can report ransomware.
Once you have decrypted the files and removed the ransomware, you may use RansomNoteCleaner to remove the Ransomware Notes & other residual junk left behind.
No comments:
Post a Comment