Rescue your PC from Ransomware

By Jeandre de Beer / Pc World

With the nasty CryptoLocker malware making the rounds lately— encrypting victims’ files, and refusing to unlock them unless victims pay $300 via Bitcoin or a prepaid cash voucher—ransomware is in the spotlight.

You can remove many kinds of ransomware without losing your files, but the process differs depending on the type of invader.

The simplest type, sometimes called scareware, consists of bogus antivirus or clean-up tools that claim they’ve detected umpteen issues, and demand that you pay to fix them.

Some specimens may bombard you with alerts and pop-ups, while others might prevent you from running programs.

In contrast, lock-screen viruses don’t allow you to use your computer, and display a full-size window—usually with an FBI or Department of Justice logo—saying that you violated the law and that you must pay a fine.

Finally, encrypting malware, such as CryptoLocker, is the worst variant, because it encrypts and locks your personal files until you pay up. But even if you haven’t backed up your files, you may still have a chance to recover your data.

How can you rescue your PC from Ransomware?

1. Removing ransomware

If you have a fake antivirus program or a bogus clean-up tool, you can usually remove it by following my general malware removal guide. The procedure includes entering Windows’ Safe Mode and running an on-demand virus scanner such as Malwarebytes.

If the ransomware prevents you from entering Windows or running programs, try to use System Restore to roll Windows’ system files and your applications back in time.

Doing so doesn’t affect your personal files. (System Restore must be enabled beforehand; Windows enables the feature by default.) To try System Restore, first shut down your PC.

Turn the computer on, and as soon as you see anything on the screen, press the <F8> key repeatedly. This action should bring up the Advanced Boot Options menu; select Repair Your Computer and press <Enter>. You’ll likely have to log on as a user. You’ll then find shortcuts to a few tools; click System Restore.

If you don’t see Repair Your Computer, use your Windows disc (if you have that) to access the recovery tools. Click Repair your computer on the main menu before proceeding with installation.

Alternatively, create a Windows System Repair Disc on another PC running the same Windows version, and then boot to that disc on the infected PC to reach the recovery tools.

If you still can’t get into Windows, try an “offline virus scan,” in which you run a virus scanner from a bootable disc or USB drive.

My favorite bootable scanner is from Bitdefender, but other major vendors also offer antivirus boot-disk software. Your last resort, if the above methods fail, is to perform a factory restore. Most ransomware isn’t that tenacious, however.

2. Recovering hidden files and encrypted data

If you’re lucky, the ransomware merely hid your icons, shortcuts, and files. To show hidden files, open Computer, press the <Alt> key, select Tools, and click Folder Options. On the View tab, select Show hidden files, folders, and drives, and then click OK.

If your data reappears, open Computer, navigate to C:\Users\, and open the folder of your Windows account name. Then right-click each folder that’s hidden, open Properties, uncheck the Hidden attribute, and click OK.

If you can’t find your data, however, and your files really have been malware-encrypted, you’re in trouble, because in such cases the decryption key is typically stored on the cybercriminal’s server.

Some victims have reported that some ransomware keeps its promise, decrypting and returning your files once you pay (CryptoLocker’s handlers, for example, have been diligent about this), but I don’t recommend paying. This is why you should back up your PC’s files on a regular basis.

If you previously created backups, first scan them for viruses on another, uninfected PC if possible. If all of your important files are indeed backed up, you can simply remove the ransomware and then restore your backed-up files.

If you don’t have a backup system, you might be able to recover some files from Shadow Volume Copies—if the malware hasn’t deleted them.

Shadow Volume Copies is part of Windows’ System Restore feature. Either right-click Select files/folders and open Properties to view the Previous Versions list, or use the utility Shadow Explorer to browse the snapshots.

3. Preventing ransomware infections

Avoiding ransomware is much the same as avoiding other types of malware. Run a good antivirus utility and keep Windows and various browser components (Java, Adobe plug-ins, and the like) updated.

Keep your browser clean to prevent adware invasions that could lead to malware infections. Be wary of email attachments and spam. (For example, CryptoLocker spreads via .zip files sent as email attachments.)

And just to drive the point home: Maintain a good backup system, in case your computer is victimized and you can’t recover your personal files.

IT Experts are specialists in this field –

contact us for any assistance that you need.

In a matter of minutes we can remotely log into your computer – safely and securely – to assist you with any issues you might experience. What is remote support? Click here to find out.

Rescue your PC from ransomware

Rescue your PC from Ransomware

1. Removing ransomware

2. Recovering hidden files and encrypted data

3. Preventing ransomware infections

IT Experts are specialists in this field –

Leave a Reply

Leave a Reply Cancel reply

About Us

Contact US

LATEST BLOG

OUR SERVICEs