How do I get rid of ransomware?

(Have questions about ransomware? Corporate Armor has answers, and we can help. Reach out to us, call 877-449-0458, or just keep reading!)

Ransomware is not as new as you may think it is, but it’s definitely more sophisticated than ever. Corporate Armor can help you with this serious threat, and we can do so very economically. Respected names like AVG Antivirus can have you sleeping easy at night for as little as $23 a year per computer, for 10 computers.

If your security posture is more complex and demanding, Sophos Intercept X offers true enterprise-grade protection for about $51 a year, for up to 9 users. And it can scale up even to protect organizations of up to 1000 employees, for as little as $31 per license.

How did I get ransomware?

There are a number of ways ransomware can get into a computer. One of the most common is phishing spam. Attachments come to the victim in an email that looks like legitimate email. Once they’re opened, they can take over the victim’s computer. This is especially true if they have social engineering tools that trick users into giving administrative access. Some other, more aggressive forms of ransomware exploit security holes. They infect computers without needing to trick users.

There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files.

Most ransomware nowadays is directed at corporate targets rather than individuals, because they are more lucrative. But that can include small businesses, too.

A little history on ransomware

The first ransomwares encrypted the victim’s files, and held them hostage until a payoff of some sort was received. The early ones were easy to reverse for anyone who was computer savvy.

After a while came ransomwares that locked people out of their desktops. Then, we saw the first law enforcement ransomwares. These would claim that the user had committed a crime, such as computer hacking, downloading illegal files, or even being involved with far worse things. Most of the ransomwares required a fine of $100 to $3,000.

Average users did not know what to make of this. Many people believed they were really being investigated by law enforcement. These victims would question their own innocence and pay the ransom to make it all go away.

Later, encrypting ransomware re-surfaced. However, by now it was much more powerful. It used (and still uses) military grade encryption. And, it stores the key required to unlock files on a remote server. This meant that it was virtually impossible for users to get their data back without paying the ransom. This type of encrypting ransomware is still in use today.

Since then, ransomware for Mac and for mobile devices has become prominent.

Mobile ransomware typically displays a message that the device has been locked because of some type of illegal activity. Simply pay a fee, and your phone will be unlocked. Supposedly. Mobile ransomware is often delivered via malicious apps. To regain access to your phone, you will need to boot up in safe mode and delete the infected app.

If you’re infected with ransomware

Unfortunately, there’s no silver bullet solution if your files are encrypted by ransomware. But that’s not to say there’s nothing you can do. Not by a long shot.

In general, the thinking is not to pay the ransom. All that does is encourage cybercriminals further. First, you want to remove the infected device from the network completely. And that means physically unplugging the ethernet cable. Then, boot the system in Safe Mode and launch a deep scan with the antivirus software. Afterwards, use the “Restore previous versions” option to restore your encrypted files. Then, check the status of the Restore point. If it’s healthy, then attempt to restore your data from there. After that, use Windows Unlocker to clean up your infected Registry.

Additionally, you may be able to retrieve some encrypted files by using free decryptors. Both Emsisoft and AVG have very good free decryptors.

However…

However, not all ransomwares have had decryptors created for them. Nowadays, many ransomwares are simply too advanced to yield easily to decryption. In fact, the newer the ransomware is, the more sophisticated it’s likely to be. Plus, it’s not always clear if the decryptor you’re using is for the right version of the malware. If not, you could actually further encrypt your files. Therefore, you’ll need to pay close attention to the ransom message itself. And naturally, you’ll want to ask the advice of an IT specialist before trying anything.
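Because a mismatched decryptor can damage files further, it helps to set an untouched copy of the encrypted files aside before running any tool. The following is an added example, not part of the original article: it copies a folder into a separate "vault", records a SHA-256 for each file, and afterwards reports and restores anything the tool altered. The folder names, file names and file contents are constructed for the demonstration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

MANIFEST = "manifest.sha256.json"   # assumed name for the hash list kept in the vault

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def preserve(src, vault):
    """Copy every file under src into vault and record its SHA-256."""
    src, vault = Path(src), Path(vault)
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            dest = vault / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)
            manifest[rel] = sha256_file(dest)
    (vault / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def changed_since_preserve(folder, vault):
    """List files in folder that are missing or no longer match the manifest."""
    manifest = json.loads((Path(vault) / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (Path(folder) / rel).is_file()
            or sha256_file(Path(folder) / rel) != digest]

def restore(folder, vault, names):
    """Put the preserved copies of the named files back into folder."""
    for rel in names:
        shutil.copy2(Path(vault) / rel, Path(folder) / rel)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        work, vault = Path(tmp) / "encrypted", Path(tmp) / "vault"
        work.mkdir()
        # Constructed stand-ins for files left behind by ransomware.
        (work / "report.docx.locked").write_bytes(b"\x8f\x02constructed ciphertext A")
        (work / "photo.jpg.locked").write_bytes(b"\x11\x7aconstructed ciphertext B")
        preserve(work, vault)
        # Simulate a wrong-version decryptor mangling one file in place.
        (work / "photo.jpg.locked").write_bytes(b"garbage")
        damaged = changed_since_preserve(work, vault)
        restore(work, vault, damaged)
        return damaged, changed_since_preserve(work, vault)

if __name__ == "__main__":
    print(demo())
```

Keep the vault on separate media that is disconnected while the decryptor runs, so the tool cannot touch the preserved copies.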

No doubt about it, a ransomware attack is a serious situation. The very word “ransomware” has a way of putting a knot in your stomach. But such attacks are not completely unavoidable. And, even if you fall victim, you are not without options. Being extremely vigilant about where you browse, and what emails you open, are two big ways to stay safe. In addition, backing up your data at regular intervals is critically important in your ability to avoid, or recover from, a ransomware attack.

Corporate Armor has other anti-ransomware options in addition to the free ones mentioned earlier. Highly economical choices like Sophos Intercept X and AVG Antivirus provide added protections not found in the open source anti-ransomware solutions. So why not email us, or call 877-449-0458 and let our experts help you craft a plan to keep from becoming another victim of ransomware? Thanks for reading!

Highlights

Keep your operating system patched and up-to-date
Don’t install software unless you know exactly what it is
Install antivirus software that detects ransomware as it arrives
Install whitelisting software that stops unauthorized applications from executing
Back up your files, often and automatically!