How to Recover From a Ransomware Attack

Viruses, malware, and hackers can be a serious problem. It is terrifying to learn that something you love so dearly has been commandeered by someone else. No ― I’m not talking about your children or your spouse; I’m talking about your computer. Ransomware is a relatively new and particularly insidious type of malware that locks away particular computer files or systems until you perform desired actions, such as sending money to the cyber criminals. Because so many computer users are unfamiliar with the signs of ransomware, many comply with its requests, making the malware effective ― and increasing its likelihood to strike again.

When your computer gets taken by ransomware, you don’t know who the hackers are. You probably don’t know what they want. However, if you act calmly and decisively, you can show them that you have acquired a particular set of skills that make you a nightmare for hackers like them.

Hopefully you will never have to deal with this. Keep your antivirus software up to date, and be careful how you use your computer. But, in the event that it does happen, here’s how you can possibly recover.

Step 1: Don’t Click Anything Strange

When you first see a confusing dialog box or interesting link, you might be tempted to click the link or button provided. When you are aware that something is going wrong with your computer, you might feel relief at some strange program’s offer to help. DON’T DO IT!!

Unfortunately, clicking haphazardly will only make your situation worse. While ransomware has control over your computer, you should avoid clicking any buttons or links that are unfamiliar. Instead…

 

Step 2: Disconnect Your Device From the Network

Whether you’re home or at work, you don’t want the malware to spread across your network. As soon as you think malware might have hold of your device, disconnect it from the network. You should disconnect it from any ties to other machines, including the Internet. A quick way to do this in Windows 10 is to click on the WiFi icon in your system tray and click on WiFi to turn off the WiFi radio. If you are connected via an Ethernet cable, you can quickly unplug the cable from your computer. Neglecting to do this could compound the problem, giving cybercriminals more opportunities to wreak havoc on your computer.

 

Step 3: Scan for Viruses & Malware

Once you are disconnected from the network, it’s time to troubleshoot. First, save any important documents, emails, or other files that you may have been working on. Next, turn the computer off: hold down the power button until it shuts down. Then, try to reboot your computer in Safe Mode, so you can access programs that will save you. As soon as you have access to your device without the troubling dialog boxes of ransomware, you should run a virus scan. Hopefully you have security software with ransomware removal features that can run offline to clean up your system for good. If not, you can use another device to download such software onto a flash drive, and then run the program offline from that drive.

 

Step 4: Do a System Restore

If scanning for viruses and malware doesn’t seem to do the trick, you may have to take more drastic measures and restore your system. Once in Safe Mode, you should try to restore your system to a previous time ― before you were plagued by ransomware. Every Windows OS has a version of System Restore enabled automatically, so unless you manually shut it off, you should have restore options available.

To access System Restore, you should access the Advanced Boot Options screen ― which is the same screen you used to reach Safe Mode ― and select Repair Your Computer. System Restore should be one of the options, and running it will cause your computer to restart in an older version, before the ransomware sank its hooks into your device.

 

Step 5: Check Your Files

If you can’t find your icons or locate your files, you were probably infected by one of two particularly nasty forms of ransomware: Either the virus merely hid your saved files (and deleted desktop shortcuts leading to them) or it encrypted them, preventing your device from finding them without serious work.

Finding hidden files is easy. Open File Explorer → Computer or This PC. Click the View tab at the top of the window, and click Hidden Items.

If a sizeable list generates, then there is a simple solution to your suffering: Right-click each hidden folder, open Properties, and uncheck “Hidden.”
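The same check and fix can be done in bulk from PowerShell instead of right-clicking each item. This is an added example, not part of the original post; the `$Root` default and the `-Unhide` switch are assumptions chosen for illustration. It only reports unless `-Unhide` is given, and it skips items that also carry the System attribute, which Windows hides on purpose.

```powershell
# Added example: bulk version of the manual "uncheck Hidden" step.
# $Root is an assumption; point it at the folder where your files live.
param(
    [string]$Root = (Join-Path $env:USERPROFILE 'Documents'),
    [switch]$Unhide   # without this switch the script only reports
)

# -Force makes Get-ChildItem return hidden items.
# "Hidden+!System" keeps items that are Hidden AND NOT System, so files
# Windows hides deliberately (desktop.ini and similar) are left alone.
$hidden = @(Get-ChildItem -LiteralPath $Root -Recurse -Force `
                -Attributes Hidden+!System -ErrorAction SilentlyContinue)

Write-Host ("{0} hidden non-system item(s) found under {1}" -f $hidden.Count, $Root)
$hidden | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize

if ($Unhide) {
    foreach ($item in $hidden) {
        # Flip only the Hidden bit, and only when it is set, so ReadOnly,
        # Archive and other attributes stay exactly as they were.
        if ($item.Attributes -band [System.IO.FileAttributes]::Hidden) {
            $item.Attributes = $item.Attributes -bxor [System.IO.FileAttributes]::Hidden
        }
    }
    Write-Host ("Cleared the Hidden attribute on {0} item(s)." -f $hidden.Count)
}
```

Run it once without `-Unhide` to review the list, then again with the switch once the listed items look like your own files.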

Unfortunately, if your files don’t show up as hidden, your data has been encrypted. The bad news is the encryption key is kept by the cybercriminals who took your device hostage in the first place. There is likely no way to regain control of your files ― unless you cooperate with the crooks and do what they ask. Instead, you should take this as a lesson to frequently back up your files to the cloud or an external hard drive.

 

Step 6: Don’t Let It Happen Again

At all times, you should have a firewall and antivirus and anti-malware protection running on all your devices. You must remain vigilant for potential threats, thinking twice before clicking any link or downloading any application. You should stay up to date on updates and patches for your software and operating system, as vulnerabilities give hackers back doors to take control of your machines.

If you haven’t experienced a ransomware attack yet, you probably will soon (hopefully not). Fortunately, ransomware makes up only a small percentage of all cyber attacks. Careful planning and preventative measures are the best way to ensure you bounce back after a ransomware attack, or even better, that you never get one! It is never too soon to arm yourself with strong anti-malware software.

You should also see my post 10 Things to Do When Your Windows PC Behaves Badly.

Kris McDonald is Chicago mom to 2 sets of twins, photography nut, gadget addict, travel addict, and tech blogger who has worked in IT for over 16 years. Kris figured out a while ago that she was destined to be really busy (hence the 2 sets of twins), and she has found peace with that.
  • Renee Townsend

    One of my clients was hit by ransomware. She paid the ransom. Later she was hit again for a larger sum. She was distraught.