How to remove ransomware from Windows 10
Windows 10 is Microsoft's most secure operating system yet and is regularly updated. It is, however, far from immune to ransomware. With that in mind, here is a quick guide on how to remove ransomware from Windows 10.
Work out what kind of ransomware it is
Ransomware comes in three main forms: scareware, lockware, and encryption ransomware. The first two are most prevalent in the consumer world and are fairly easy to remove. Encryption ransomware is more prevalent in the business world and is a much nastier threat.
Scareware, as its name suggests, is a straightforward intimidation ploy. It puts frightening messages on the screen to try to trick the victim into calling for help, for which they have to pay. Just have a decent anti-malware program run a scan on the infected device and follow its instructions.
Lockware is a bit more of a pain as it blocks access to the computer itself. Boot into Safe Mode with Command Prompt and restore the system to a previous point in time. Then install a decent anti-malware program and have it scan the device just in case.
Dealing with encrypted files
The best way to deal with encrypted files is to delete them and restore them from a backup. If, however, it’s too late for that, then you need to identify what kind of ransomware it is and cross your fingers that there is a decryption tool available for it.
There are online ransomware identifiers that can analyze the ransom note and the sample files which generally come with it and determine which form of ransomware was most likely to have been used in the attack. They may also be able to tell you if there is a decryption tool available for it.
If they can’t tell you, or if they say there isn’t one, then there is nothing to stop you looking online and hoping you get lucky. Even if you find a decryption tool, however, it’s advisable to wait and see if it works before you start celebrating. The sad fact is that ransomware is lucrative enough for its creators to be able and willing to put the effort into keeping it regularly updated so that it stays ahead of security tools.
Keeping ransomware off a Windows 10 PC
Ideally, you should not be asking yourself how to remove ransomware from a Windows 10 PC. You should be asking yourself how to stop it from getting on your Windows 10 PC in the first place. The answer to that is to use a robust anti-malware program with an integrated firewall and to make sure that all Windows 10 updates are applied promptly.
To be clear, using Windows Defender on its own is risky. It may be fine for light users, but if you’re using the internet regularly, have sensitive data on your computer or use your computer for any form of work, then it’s strongly recommended to boost Windows Defender with an anti-malware program from a company which actually specializes in anti-malware products.
The good news is that if you want a product for personal use, there’s a good chance you can get one for absolutely free. Businesses will generally need to look at paid products but even then you can get some excellent products at prices even SMBs can afford.
The importance of Windows 10 updates
Although there’s a lot that can be said in favor of Windows in general and Windows 10 in particular, Microsoft has yet to find a way to ensure that its update process is always both hassle-free and risk-free. Windows 10 in particular is notorious for the June 2018 update which left many PCs dead in the water and needing a fresh installation of their operating system.
While this might be the most infamous example of Microsoft getting it wrong with its Windows 10 updates, there are plenty more to quote. For example, the May 2020 update has been called out for causing all kinds of (admittedly fairly minor) problems at a time when many people need their computers to work from home.
It is therefore entirely understandable that people may wish to hold off installing Windows 10 updates until they’ve had feedback on what they can expect from them. Just make sure that you limit this “waiting period” to a few days, a week at most. Leaving it for too long can open the door to ransomware attacks.
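One way to keep that waiting period honest is to list the updates Windows is still waiting to install and flag any that have been available for more than a week. The PowerShell below is an added example, not part of the original article. It uses the built-in Windows Update Agent COM interface; the 7-day threshold, the function name and the use of each update's last deployment change time as a stand-in for its release date are assumptions made for this example.

```powershell
# Added example: report pending Windows updates and how long each has been waiting.
# Assumption: 7 days reflects the article's "a week at most" deferral advice.
$MaxDeferralDays = 7

function Get-PendingUpdateAge {
    param([int]$MaxDays = 7)

    # Windows Update Agent COM API, present on every Windows 10 install.
    # The search contacts the configured update source, so it can take a minute.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0")

    $now = (Get-Date).ToUniversalTime()
    foreach ($update in $result.Updates) {
        # LastDeploymentChangeTime (UTC) is used here as a proxy for the release date.
        $age = [math]::Floor(($now - $update.LastDeploymentChangeTime).TotalDays)
        [pscustomobject]@{
            Title    = $update.Title
            KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = $update.MsrcSeverity   # empty for non-security updates
            AgeDays  = $age
            Overdue  = $age -gt $MaxDays
        }
    }
}

# When was anything last installed? InstalledOn can be blank for some entries.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($lastFix) {
    "Last installed update: {0} on {1:yyyy-MM-dd}" -f $lastFix.HotFixID, $lastFix.InstalledOn
}

$pending = @(Get-PendingUpdateAge -MaxDays $MaxDeferralDays)
if ($pending.Count -eq 0) {
    "No pending updates."
} else {
    $pending | Sort-Object AgeDays -Descending | Format-Table -AutoSize -Wrap
    $overdue = @($pending | Where-Object Overdue)
    if ($overdue.Count -gt 0) {
        Write-Warning ("{0} update(s) have been waiting longer than {1} days." -f $overdue.Count, $MaxDeferralDays)
    }
}
```

Run it from a normal PowerShell window; it only reads update status and does not install or change anything.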