Q: What is ransomware and how do I remove it?
A: Ransomware is a type of malware that prevents you from accessing files or displays a "lock screen" on your computer. It demands that you pay a ransom, in Bitcoin or other currency, in order to regain access to your files. Examples of ransomware include Locky, Scarab, Carote, Lilocked, Blower, Dharma, Coot, and CryptoMix.
Ransomware is often distributed as a trojan, which is malware disguised as a legitimate file. Common ways to receive ransomware include email attachments, Internet downloads, and network file transfers.
What does ransomware do to my computer?
Ransomware encrypts and often renames your files so you cannot open them. Once installed on your computer, the ransomware may display a lock screen with a message saying you must pay a ransom to regain access to your files. In some cases, it may be a fake message purporting to be from a government institution like the FBI or Department of Defense, stating you must pay a fine. It may also be a standard ransom note with instructions for how to pay the ransom.
Some ransomware only targets your files instead of locking your computer. This type of malware encrypts and renames your documents, such as .DOCX, .JPG, and .MP4 files. It may replace the file extension with a ransomware extension, such as .LOCKED. Since the files are encrypted, you cannot simply change the file extension to open the files.
The ransomware may generate a plain text (.TXT) ransom note to inform you of the takeover and what you need to do to recover your files. The note may include the organization responsible for the takeover, the ransom amount demanded, and how to pay the fee to unlock your files. Ransom amounts range from less than $100 to several thousand dollars.
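The following added example, which is not part of the original page, checks whether a file carrying a ransomware extension was only renamed or has had its contents changed, by looking for the original type's header bytes and measuring byte entropy. The `.locked` extension list, the 7.5 bits-per-byte threshold, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from pathlib import Path

# Magic numbers of the file types named above: type -> (offset, bytes).
MAGIC = {"docx": (0, b"PK\x03\x04"), "jpg": (0, b"\xff\xd8\xff"), "mp4": (4, b"ftyp")}
RANSOM_EXTS = {".locked"}  # assumption: the example extension from the text

def detect_type(data):
    """Return the type whose signature is intact at its offset, else None."""
    for name, (off, sig) in MAGIC.items():
        if data[off:off + len(sig)] == sig:
            return name
    return None

def shannon_entropy(data):
    """Bits per byte; well-encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(data.count(b) / n * math.log2(data.count(b) / n) for b in set(data))

def classify(path, sample_size=65536):
    """Triage one file: not-renamed, renamed-only, likely-encrypted or unknown."""
    if Path(path).suffix.lower() not in RANSOM_EXTS:
        return "not-renamed"
    with open(path, "rb") as fh:
        data = fh.read(sample_size)
    if detect_type(data):  # header intact (only the first bytes are inspected)
        return "renamed-only"
    return "likely-encrypted" if shannon_entropy(data) > 7.5 else "unknown"

def demo():
    """Classify constructed sample files written to a temporary directory."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {
        "photo.locked": b"\xff\xd8\xff\xe0" + b"\x00" * 64,  # JPEG header, renamed
        "report.locked": noise,                              # stand-in for ciphertext
        "notes.txt": b"plain text",                          # no ransomware extension
        "readme.locked": b"hello " * 200,                    # low entropy, no header
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = Path(tmp, name)
            path.write_bytes(content)
            results[name] = classify(path)
    return results
```

The header check runs before the entropy test because JPG, MP4, and DOCX files are compressed and already have high entropy on their own. An intact header shows only that the first bytes of the file are unmodified.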
How do I remove ransomware?
If your computer is infected with ransomware, you have a few options:
- If you have a recent system backup, you can revert to a saved state before the ransomware infected your computer. You may need to reboot your computer in Safe Mode or from another startup disk (like a USB drive) to avoid the lock screen. This is the best option.
- If your files are stored in the cloud or on a backup device, you can reinstall the OS, then transfer your files back to your computer. This is a viable solution if you have not saved any snapshots of your system.
- Find a malware removal utility that can remove the specific ransomware installed on your system. The older the ransomware is, the more tools become available to combat it. Make sure to use a reputable utility, since not all antivirus software can remove ransomware.
Should I just pay the ransom?
FileInfo does not recommend paying a ransom for the following reasons:
- There is no guarantee you will regain access to your files, even if you pay. Remember, these are criminals you are dealing with – often anonymous cybercriminals – so you have no reason to trust them.
- If you pay a ransom, it reinforces the behavior of the criminal behind the ransomware attack, making you a more likely future target.
- Paying a ransom incentivizes other criminals to use ransomware. This is one of the reasons the FBI does not recommend paying a ransom for any ransomware.
How can I prevent ransomware?
The best way to handle ransomware is to prevent it from infecting your computer in the first place. Three key things to remember:
- Never open email attachments from unknown senders.
- Never click links in suspicious emails.
- Never download or open files from untrusted websites.
It is also helpful to install antivirus or Internet security software on your computer. A good Internet security program can detect and eliminate ransomware threats before they take over your computer. This is especially important if you use Windows, the platform most commonly targeted by ransomware.
And of course — always have a recent backup. You can easily set up and automate backups using Windows Backup and Restore or Apple Time Machine. The safest way to back up your computer is to have both a local backup (an external hard drive) and a remote backup (stored online). In some cases, ransomware may affect your local backup, so backing up your data to a cloud service is a smart idea.
Updated: November 20, 2019