The WannaCry ransomware infection that was recently spreading gave us a good reason to want to help you understand more about what ransomware is and what can be done about it. Ransomware is a type of malware that takes over a computer, often encrypting personal files, and forces the user to pay a fee to restore access. These programs often impersonate official government agencies, or they may be straightforward about their intent. Either way, if you are a victim of a ransomware attack, it is not easy to regain access to your computer or files.
A good antivirus program will usually catch ransomware before it has the chance to damage your computer, but if the software’s library is not kept up to date, new viruses can slip in and infect your system. The most important thing to do when you encounter ransomware is to *not* pay the fine. You have no guarantee that the cybercriminal will restore your access after you pay. Instead, don’t panic; your files may be recoverable.
The first thing to do is attempt to restore from a backup to revert your system to an earlier state before the ransomware was installed. If you use backup software outside of Windows, it often can be run to recover your files. If you do not use backup software, you can use Windows System Restore to roll back your system to an earlier date.
If System Restore does not work, or has been disabled, you can run an offline virus scan by making a bootable disc or USB drive on another computer with software such as Avast, AVG, Avira, Bitdefender, etc. Be careful, however, not to insert a USB drive into the infected computer while it is on, as this can infect the drive and spread the virus.
If this does not work, the last resort is to perform a full restore or a clean reinstall of Windows; however, it is unlikely that ransomware would survive the above steps.
Once you restore access to Windows, it may seem like you are missing files. If you are lucky, the ransomware was merely bluffing, and your files are not encrypted; they are just hidden. Hidden folders are not shown by default in Windows, and sometimes you can discover the “encrypted” files by enabling the setting that displays hidden files.
If your missing files are now showing, albeit slightly transparent, they are simply hidden and fully recoverable. However, if your files do not show up after you set Windows to show hidden items, they have actually been encrypted by the ransomware. If you do not have these files backed up anywhere, they cannot be recovered without the decryption key.
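The same check can be scripted. The PowerShell below is an added example, not part of the original article: it lists every file under a folder, marks which ones carry the Hidden attribute, and compares the first bytes of common document types against their well-known signatures. The starting folder, the `Test-FileHeader` helper name and the header comparison are assumptions of this example; a matching header suggests the file was only hidden, while a mismatch is a hint (not proof) that the contents were altered.

```powershell
# Added example: run in a PowerShell window on the cleaned system.
$Root = [Environment]::GetFolderPath('MyDocuments')   # assumed starting folder

# Well-known leading bytes ("magic numbers") for a few common file types.
$Zip = [byte[]](0x50,0x4B,0x03,0x04)                  # also used by Office Open XML
$Jpg = [byte[]](0xFF,0xD8,0xFF)
$Magic = @{
    '.pdf'  = [byte[]](0x25,0x50,0x44,0x46)           # %PDF
    '.png'  = [byte[]](0x89,0x50,0x4E,0x47)
    '.jpg'  = $Jpg;  '.jpeg' = $Jpg
    '.zip'  = $Zip;  '.docx' = $Zip
    '.xlsx' = $Zip;  '.pptx' = $Zip
}

# Hypothetical helper: does the file still start with the bytes its extension implies?
function Test-FileHeader {
    param([System.IO.FileInfo]$File)
    $expected = $Magic[$File.Extension.ToLowerInvariant()]
    if (-not $expected) { return 'Unknown type' }
    try { $fs = [System.IO.File]::OpenRead($File.FullName) }
    catch { return 'Unreadable' }
    try {
        $buf  = New-Object byte[] ($expected.Length)
        $read = $fs.Read($buf, 0, $buf.Length)
    } finally { $fs.Dispose() }
    if ($read -lt $expected.Length) { return 'Header mismatch' }
    for ($i = 0; $i -lt $expected.Length; $i++) {
        if ($buf[$i] -ne $expected[$i]) { return 'Header mismatch' }
    }
    return 'Header OK'
}

# -Force makes Get-ChildItem include hidden and system items.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Hidden = $_.Attributes.HasFlag([System.IO.FileAttributes]::Hidden)
            Header = Test-FileHeader $_
            Path   = $_.FullName
        }
    } |
    Sort-Object Hidden, Header |
    Format-Table -AutoSize -Wrap
```

Files reported as hidden with `Header OK` are the recoverable case described above; the script only reads files and changes nothing on disk.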
Ransomware is nasty and very unforgiving. Malware like this can easily be avoided by running any good antivirus program, keeping Windows up to date, paying attention to the sites you visit and what you download, and never downloading email attachments that come from unknown sources or that you do not expect to receive. Lastly, make sure to back up your system in case of the worst; regular backups may eventually prove to be the fine line between recovering from a serious infection and losing everything.