How to remove ransomware

Ransomware is a type of malware, or malicious software, that blocks a computer by encrypting files. Only after paying a ransom will you be able to use the computer or files again. Another term for ransomware is cryptoware.

Ransomware is very annoying and, in most cases, also dangerous for business privacy. For example, you may unknowingly lose your entire photo archive or music collection, including connected backups. Older ransomware variants only block the internet browser or computer startup. Criminals are increasingly targeting businesses and institutions because there is more money to be made there. However, as a home user you should still be careful.

How does ransomware work?

Ransomware is distributed like most other computer threats such as a trojan, backdoor or spyware.

When run on the computer, it encrypts all files on local and network drives.
From there, you can no longer open the files.
Then the ransomware creates a note or notice file in each folder.
This is a text or HTML file with payment instructions.
It requires payment in the digital currency Bitcoin. This translates into hundreds or even thousands of dollars. After a delay, the amount of the ransom increases, the goal being to get you to pay as quickly as possible.

The infection occurs through malicious files (usually in email attachments) or through a vulnerability on the PC caused by outdated software. In the latter case, the ransomware can gain access to the PC without you even having to click anything.
Suspicious file types in emails include: ZIP, EXE, JS, LNK, VBS, and WSF.
Word files that ask you to enable macros are also dangerous.

Finally, ransomware can also infect files on connected external hard drives or network storage that has a drive letter in Windows Explorer (like E:, F:, G:). So keep a backup that is separate from the PC.

Paying a ransom is not recommended but can be a last resort.
Unfortunately, files are often not recoverable in the event of a ransomware infection if you don't have a backup. Follow the next steps if your files are encrypted.
Data encryption cannot be reversed without the key. If you're lucky, though, a solution exists.

Threat type: Ransomware, Crypto Ransomware

Example threat family:
  • How
  • Accounts
  • STOP / DJVU Ransomware
  • Phobos Ransomware
  • REvil / Sodinokibi
  • LockBit

Threat detections:
  • HEUR:Trojan-Ransom.Win32.Generic
  • Ransom:Win32/
  • Win32:RansomX-gen [Ransom]
  • Win32/Filecoder
  • Trojan.Win32.Filecoder
  • Generic.Ransom

Assumed functionality: Encrypts victim's files

Symptoms of infection:
  • You no longer have access to your files.
  • A note file with payment instructions is present in different locations of the system.

Damage to the system: You can no longer access your data

Crypto-ransomware sheet

How to remove ransomware from your PC?

In general, the ransomware does not stay resident on the PC.
Once the documents have been encrypted, it closes.
However, it is necessary to verify that the PC is not infected. Indeed, a botmaster may have installed the ransomware using a trojan already present on your PC.

To scan and remove viruses from your PC, follow our comprehensive tutorial:

How to recover files from ransomware?

The risk of data loss with ransomware is high, so it is crucial to prevent infection and to back up regularly in case it happens. Follow the tips below to reduce the risk of viruses and cryptoware.
Wait for a possible solution released by an antivirus vendor following the seizure of servers by the authorities.
The nomoreransom.org site lists all the tools for decrypting files.

Finally follow the security tips to avoid viruses and ransomware:

  • Install a good antivirus. Keep all software up to date, including the operating system, Internet browser, browser add-ons, and popular programs, like Adobe Reader.
  • Please do not click on attachments and links in emails unless you are sure they are reliable.
  • Do not enable macros in third-party Office documents, especially if the document asks you to.
  • Ransomware is often an executable .exe file disguised as another type of file, such as a PDF document. Turn off the hiding of file extensions in Windows to see through the disguise.
  • And again: make backups. Backups are the only recourse to prevent losing all your data.
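
The list of suspicious attachment types and the tip about executables disguised as documents can be combined into one filename check. This is an added example, not part of the original article; the decoy and macro extension sets and the sample file names are assumptions made for illustration.

```python
# Extensions the article lists as suspicious in email attachments.
RISKY = {"zip", "exe", "js", "lnk", "vbs", "wsf"}
# Of those, the ones Windows runs when double-clicked (a ZIP is only a container).
RUNNABLE = RISKY - {"zip"}
# Assumption: harmless-looking extensions typically used as the decoy part of a name.
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Assumption: macro-enabled Office formats, for the article's macro warning.
MACRO = {"docm", "xlsm", "pptm"}


def classify_attachment(filename: str) -> list[str]:
    """Return the reasons a file name deserves caution (empty list if none)."""
    reasons = []
    # Windows ignores trailing dots and spaces, so "a.exe. " is still "a.exe".
    clean = filename.rstrip(". ")
    # Split on dots and strip padding spaces around each part.
    parts = [p.strip().lower() for p in clean.split(".")]
    if len(parts) < 2:
        return reasons  # no extension at all
    ext = parts[-1]  # the last extension is the one Windows acts on
    if ext in RISKY:
        reasons.append(f"attachment type .{ext} is on the suspicious list")
    if ext in MACRO:
        reasons.append(f".{ext} can carry macros; do not enable them")
    # With extensions hidden, "invoice.pdf.exe" is shown as "invoice.pdf".
    if ext in RUNNABLE and len(parts) >= 3 and parts[-2] in DECOY:
        reasons.append(f"double extension: looks like .{parts[-2]} but runs as .{ext}")
    return reasons


# Constructed sample names, not taken from a real campaign.
SAMPLES = ["holiday.jpg", "invoice.pdf.exe", "scan.pdf .js",
           "order.docm", "archive.zip", "notes.v2.txt"]

if __name__ == "__main__":
    for name in SAMPLES:
        verdict = classify_attachment(name) or ["no filename-based warning"]
        print(f"{name!r}: " + "; ".join(verdict))
```

A clean result only means the name itself is not suspicious; the file should still be scanned by the antivirus.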