Far more frightening than a simple virus, a ransomware attack can be devastating to your digital life. One minute you are surfing along, the next minute your files are locked and inaccessible.
If you think ransomware has invaded your computer, you first need to determine if the infection is real or just a scam. If you see a pop-up screen warning you that your computer is infected, that you owe money to the IRS or the FBI is coming to arrest you, then you should take a picture of the screen and then try to dose it. If the pop-up doses and you can dose your browser and work normally, you are probably looking at a simple scam.
If you think the ransomware infection is just a scam, run a full virus and malware scan to make sure your system is clean. Once you have a clean bill of computer health, you can go back to your regular online activities.
If the screen appears to be locked, or if you cannot open and navigate through your files the ransomware infection is probably all too real. At this point, you will need to decide if you are going to pay the ransom and hope to get your files back or ignore the ransom demand and restore them on your own.
Having a backup copy of your data puts you in a much stronger position, so hopefully, you have copies of your files stored in the cloud or a backup device. If you do not have a backup and plan to pay the ransom, you must keep in mind that there are no guarantees Toe are working with a criminal, after all, so do not get your hopes up or assume they will return your files once the money changes hands.
If you plan to go it alone, there are several things you should do first. The first thing you should do is disconnect your computer from the internet and any external hard drives, thumb drives, and other backup devices If these connected devices have not been compromised, you can protect them from damage by disconnecting them promptly. If you can still access your computer, try running your antivirus and antimalware software right away. If you find any infections, use the software to quarantine and remove the problematic files. Keep in mind that if your system is already infected, running the scan could damage the impacted files so take this step only if you have already decided to use your backups.
If you cannot access your antivirus or antimalware software, you may need to boot your computer into Safe Mode. Just shut down your system and press the Power and S buttons at the same time. Once the machine is in Safe Mode, try to rerun the software and complete the quarantine and cleansing process. Once the antivirus and antimalware scans are complete, you can try to recover your encrypted files Some forms of ransomware make copies of your files, encrypt the copies and trash the originals so you may be able to recover those deleted files. There are a number of file recovery programs on the market, but free and paid, so that is a good place to start.
If this simple recovery attempt does not work, your antivirus manufacturer may still be able to help. Some software providers, including industry giants like AVG, Avast, McAfee and Trend Micro, have developed decryption tools capable of reversing the damage from many ransomware attacks.
Hopefully, these decryption tools will be able to recover the files held for ransom, so you can restore them and get on with your life. If that fails it is time to grab your backups and do a restore on your own. Before you attempt to do so, however, you will want to make sure your backups are not also encrypted. To make sure the backups are unencrypted, plug your backup device into another computer or ask an expert to check them for you. If the backups are good, you can just copy them back to your computer. If they are also compromised, you may need to have a professional try to recover them. Being the victim of a ransomware attack is never fun, but if you have been diligently backing up your files, it may not be the end of the world. In fact, that frightening ransomware attack may be little more than a scam. Even if the infection is real, there are things you can do to recover your files without giving your hard-earned money to the criminal. At the very least, that ransomware warning screen should be a wake-up call to start backing up your files every day.