What to Do About a Ransomware AttackTECH
What to Do About a Ransomware Attack
Whether you’ve accidentally downloaded a file from an email, been hacked, or been infected through compromised files on your computer, ransomware can be detrimental to your files, your memories, and even your identity. Ransomware exists to encrypt data and then to extort a ransom in exchange for it, and typically uploads information to the web. Because many people keep single copies of emotionally or fiscally valuable files such as photos of family, banking information, or work files on their computers, attacks like this can be very damaging and many people pay up.
If this is you, try taking these steps first to recover your data and get your computer back. Unfortunately, there is no guarantee that these methods will work.
- Change Your Passwords – Many ransomware programs exist for the dual purpose of encrypting your files and for selling them on the deep web. Thieves take this data and use it for identity theft, to access email accounts and bank logins, and to steal credit card and other data. If your computer has been compromised, your very first step should be to change your passwords and security information (that could be accessible from your computer) to ensure the safety of your accounts.
- Don’t Pay the Ransom – While it may be your first instinct to just pay up and get it over with to get your files back, this should be your last resort. Unfortunately, paying for ransomware doesn’t necessitate that you will get your files back. Many hackers simply don’t care if you get your files back and won’t bother, others are just using a program they purchased or downloaded and won’t even known how to give you your files back. While you can consider paying a ransom, you should do so as a last resort when all other methods have failed. Ransom is often expensive (For example, the Locky Virus asks for about 0.5 Bitcoins, which translates to just over $200) and you will likely be much better off investing these funds in protecting your future data.
- Save What You Can – Most ransomware programs encrypt data slowly, which means that you may have a period of days or even weeks to save the rest of your data. Plug in an external hard drive, flash drive, or blank CD and copy over all of your currently unencrypted files to that hard drive. Keep in mind that doing so may compromise any data already on the hard drive so if you don’t have a blank storage medium, it may be best to skip this step.
- Don’t Run Your AntiVirus – While you can choose to run your antivirus program it is unlikely to do anything. If you do get it to work, which will likely be from Safe Mode, you will likely end up deleting all of your data if you remove the virus. Why? Most malware programs inject malicious software into encrypted files for just this reason, to ensure that if you do remove it, your files go with it.
- Figure Out Which Ransomware Program is On Your Computer – While some ransomware programs announce themselves with changing screensavers and instructions on where to go and how to pay up, others are much more subtle and will only give you the briefest of instructions. The best way to identify your ransomware program is to check the file extension used on the encrypted files. For example, Locky uses extensions like .thor, .locky, .zepto, and. odin as well as many others. There are several extension databases you can use, but the fastest way to find the name is to simply copy the extension, visit Google.com and search for it.
- Download a Ransomware Decrypter – There are many ransomware decryption program available and most of them are completely free. You can check our list of the top decryptors available here. Double check to ensure that you are downloading the right tool for your ransomware attack.
- Call the Police – The police actively investigate cyber crime in many areas and they may be able to help you get your files back.
- Pay the Ransom as a Case of Last Resort – If you cannot get a decrypter to work and you need your files back you can consider paying the ransom. However, this does not guarantee the return of your files.
Ransomware works by fully encrypting your files so that you cannot access them until they are decrypted. Unfortunately, while many decryptors do work, they may not be effective against modified or new versions of ransomware malware. For this reason, preventing an attack in the first place is usually the best way to keep your data safe. Click through to page 3 for help with preventing ransomware attacks. Or go to page 4 for our list of the top anti ransomware programs.