A quick guide to cleaning ransomware
How you clean ransomware depends on what kind of ransomware it is. With that in mind, here is a quick guide to cleaning ransomware and some tips about what to do to stop it from getting onto your computer in the first place.
Scareware and lockware
Scareware and lockware tend to be used to target consumers rather than businesses. This is because they work mainly on trickery rather than technology. Scareware simply displays a scary message and hopes that you will be frightened into paying the scammer. Lockware actually does lock your computer, but the lock can be easily removed if the victim keeps calm. As with scareware, the real power of the attack is in the message.
Scareware can generally be cleaned just by installing an anti-malware scanner and having it scan the computer. For lockware, boot up into safe mode, then try to install a reputable anti-malware program and have it scan your computer. If that doesn’t work, restore to a previous time point (i.e. before you became infected) and then install an anti-malware program and have it scan your computer.
Encryption ransomware is what people often mean when they just say “ransomware” as it’s the form of ransomware that tends to make the headlines. It encrypts some or all of your files and then demands payment for the decryption key. Cleaning encryption ransomware is generally very straightforward. Usually, all you need to do is install a reputable anti-malware program and have it scan your computer. The problem is that this does not undo the damage it has caused.
Cleaning encrypted files
The only way to clean encrypted files is to use the appropriate decryption key. If you are lucky, you may be able to find one online. Have a ransomware identifier analyze the ransom note and the sample files which are usually sent with it (to back up the attacker’s claims). This will generally be able to tell you which form of ransomware was most likely to have been used in the attack. You can then look online to see if there is a decryption tool.
Even if you find one, it’s best to keep your expectations low, because ransomware is frequently updated to keep it at least one step ahead of security tools. This means that in the real world you’re only going to know for sure if a tool is working when you see the results. If you can’t find a decryption tool, then you either have to pay the ransom (which is never advised) or accept the loss of your files - unless you have a data backup.
The importance of data backups
If you have a data backup, then, in principle, you can generally treat ransomware attacks as an inconvenience rather than a potential catastrophe. There are, however, a couple of points that could still catch you out.
Firstly, a local database is very vulnerable to compromise in the event of a ransomware attack. This is particularly true if you run an automatic backup system. What can easily happen is that the process of encryption is identified, correctly, as a change to the file and this causes it to be copied across to the local database, overwriting any healthy files which were previously there.
This means that you really need an off-site database as well and ideally you want to keep copies of your data across various time points in case there is a delay in recognizing that you have been the victim of a ransomware attack. You can reduce the cost of this by moving older backups to slower storage.
Secondly, if you store data unencrypted, then a ransomware attack could be used as a cover for data theft. Even if you pay the ransom, there is nothing to stop the attackers selling your data to boost their profits (likewise, there is nothing to force them to give you the decryption key). If you refuse to pay the ransom, they may choose to make their money by selling your data or they may choose to expose it on the internet to create trouble for you and intimidate future victims.
How to keep your computer clean of ransomware
It’s far better to keep your computer clean of ransomware than to have to clean up after a ransomware attack. The best way to do this is to invest in a reputable anti-malware program with an integrated firewall. To be clear, you want one from a proper security company, not just one of the default security apps bundled with the main operating systems.
Additionally, you want to ensure that all security updates are applied promptly. If need be, get a managed IT services provider to make sure that this happens.
Please click here now to start your free 30-day trial of Comodo AEP.