What To Do If Your Computer Is Infected with Ransomware

Last Edited: June 25, 2017 | Published: April 23, 2017 by

What To Do If Your Computer Is Infected with Ransomware

Ransomware has risen to be one of the biggest threats to our PCs today, and with good reasons. Virus creators have found a model that often works. Not only do they get to wreak havoc on computer systems around the world, they can often make a hefty profit while they do it.

However, if your computer is infected with ransomware, all hope is not lost. If you know what to do, you can often remove the ransomware yourself without having to pay the costly fees to get them to do it for you. Today, we will look at what ransomware is and the steps you can take to remove it from your computer without having to call up those crooks and pay those ridiculous fees.

What Is Ransomware?

Ransomware is essentially a type of computer virus or malware. Unlike some viruses that like to steal data or just delete important files on your machine, ransomware has a different approach. Scam artists using ransomware use it to try and extort money from you. The thought is you will pay to regain access to your important files and applications before just giving up and reformatting your hard drive.

The thing is, they are often correct. This is even more true with businesses. Recent studies suggest that businesses are even more likely to pay the fee to regain access to their systems because the cost of paying the ransom is often less than the downtime they will experience while they restore from a backup.

So What Does It Do?

ransomware-example

When you are infected with ransomware, a popup window will appear on your computer and you won’t be able to click on anything. There will be a message on the screen instructing you to call a number to and how much you must pay to fix it. To see how they look, have a look at the example above and the one right below.

ransomware-example-2

As you can see, these messages often look official and to a novice computer user can be pretty scary. In fact, I know several people who have paid the fees just because they were afraid of what might happen if they don’t.

When you are infected with ransomware, you won’t be able to click on anything else on your screen or access any of your files. If you reboot your machine, the message just pops back up as soon as you log on. In some cases, the ransomware may only affect your web browser, preventing you from using the Internet. But in worst cases, your entire access to your computer will be blocked by these nefarious applications.

Removing Ransomware

If this happens to you, what do you? Do you really want to contact a criminal and pay the ridiculous fees? I know I don’t. Luckily, you have many more options that just paying the ransom, but you have to know what you are doing. Let’s take a look at what you need to do to stop ransomware once and for all.

Preventative Measures

04-malwarebytes-premium-threat-scan-2

First, you should do everything you can to prevent your machine from becoming infected in the first place. This may sound impossible, but it is easier than you think.

Run Good Security Software

First, make sure you run high quality antivirus software such as Windows Defender, Norton Antivirus or Kaspersky. Once that software is loaded, make sure you run regular checks of your system and keep live protection on. Also, you need to make sure your definitions stay up to date at all times. This will prevent most of these types of threats from infiltrating your machine in the first place.

You should also consider purchasing a good antimalware applications such as Malwarebytes to scan for many malware threats that antivirus applications don’t look for during their scans. Just like your antivirus software, you should run it regularly and make sure it is always up to date.

Back Up Your System

While you can always reload all your software, your files are what is most important as they can be lost forever if you’re not careful. Always make sure you backup all your important files on your computer. This can include important work files such as Word of Excel documents, and even your pictures and videos. If you don’t want to lose something, back it up.

There are several ways you can do this. You can use an external hard drive, for example, to put all your files on. My personal favorite, however, is to use cloud storage such as Dropbox, Google Drive, or OneDrive. These services will help you back up your system automatically and even allow you to access all your files across multiple devices, making it an even more powerful solution for you.

Be Careful Where You Go and What You Open

Finally, you need to be careful where you go on the Internet. If you are going to your site that you aren’t sure about, don’t go there. At the same time, you should never open emails from someone you don’t know or those that contain links to strange sites. When it says “click here” in the email, pay attention to where the link is actually going. If it looks strange do you, don’t go there. Always go with your gut. If you think a link may be bad, don’t go there. It’s better to be more cautious than not cautious enough when it comes to the health of your PC.

Steps to Take if You Do Get Infected

No matter how many measures you take to stop an infection, sometimes things will slip by all your scanners. If you do get infected, let’s look at the steps you need to take to fix it.

Don’t Panic

First and foremost, don’t panic. Remember this isn’t unlike any other piece of malware or virus that you have encountered. Sure, it may seem scarier because of the Window it pops up, but it’s really no different.

Identify the Seriousness

Not all ransomware is created equally. Some will only infect your browser, for example. While others will lock up parts of your system but still others completely lock you out of everything. Most fall into the first two categories and can easily be removed, while the final one can be a little more difficult.

Browser Ransomware

If you have browser ransomware, use these steps to get rid of it.

  1. Reset your browser back to its default settings. The process differs between browsers but should be easy enough to find in the Settings section of the browser.
  2. Run your antimalware and antivirus software.
  3. Reboot your computer.

This should remove the ransomware on your browser. If it doesn’t, try uninstalling the browser and reinstalling it.

Computer Ransomware

Follow these steps to remove the ransomware that is popping up outside your browser on your computer.

safe-mode-and-other-startup-settings

  1. Reboot your machine in safe mode by holding the shift key down when you restart your system. During the reboot process, choose safe mode in the options.
  2. When it loads, see if the ransomware runs. If it doesn’t, run both your antivirus and antimalware software. This should remove the bad software.
  3. Reboot your computer.
  4. Make sure the ransomware doesn’t run.
  5. Rerun both your antivirus and antimalware software and remove anything that it finds just to be safe.

If All Else Fails

If following these steps doesn’t work, chances are you have one of the really nasty ones out there that is smart enough to completely lock you out of your system. If you followed all the preventative measures we talked about above, you shouldn’t have to worry about losing your files. Using another machine, create a bootable Windows USB and reformat your computer. This will remove everything from your machine so be prepared to reload all your software and copy your files back to the machine.

This process will take the most time, but it is one of the easiest ways to make sure all the nasty software is removed from your computer.

Whatever You Do, Don’t Pay

I know it can be tempting just to pay the small fee to have your files released on your computer, but DON’T DO IT! I don’t care how important your files are to you, paying them only encourages them to build bigger and badder pieces of ransomware. On top of that, there is no guarantee that they will actually release your computer. They may just take your money and run, leaving you a few hundred dollars poorer and still no access to your files.

Wrapping It up

Ransomware has been a growing problem for IT administrators and home users alike. Today, it is one of the biggest threats in computer security. As an admin myself, it seems any calls I get for viruses are usually ransomware. Personally, I find them more annoying than anything else, and haven’t had too much trouble removing them when needed, but it does take time. After all, virus and malware scans can sometimes take hours to run so they end up costing users and businesses money whether they pay the ransom or not.

Remember, preventing the infection is your best defense, so always run high quality antivirus software and back up your system. If you don’t, you could be in for a rude awakening.

Have you ever been infected with ransomware? If so, tell me about your experience in the comments below.

About the author

Matt

Matt is an IT professional with over fifteen years experience supporting network infrastructure and computers. An avid gamer, Matt enjoys his time playing and writing about his experiences both in the IT world and in the gaming communities. You can find more of his writing for LaptopNinja where he enjoys talking about everything tech.


See all posts from Matt