What to Do If Your Computer Gets a Ransom Letter
Ransom notes used to only be something you saw in movies. When the bad guys kidnapped John McClane’s daughter in Die Hard, for example, they demanded a large sum of cash for her safe return.
Today, ransom notes are digital and it’s our data that’s being held hostage.
This type of hacking is often called ‘ransomware’ and it’s now one of the most prevalent modes of online fraud, providing lucrative cash flow for e-criminals worldwide.
Let’s dive into what ransomware is, how hackers gain access to your computer, and what you can do about it.
What Does Ransomware Look Like?
Picture the scene. You’re working away on your computer. Suddenly, you can’t open your master’s thesis files. Now your treasured holiday snaps are unavailable—not to mention your stock inventory and orders log. They’re there on the computer but they just won’t open. In extreme cases, you might find yourself completely locked out of your computer or website.
Worst of all, you get a message that you need to pay someone in order to regain access to your files.
If you’re in this unfortunate position, don’t panic—and for heaven’s sake, don’t start buying cryptocurrency to pay the ransom. Instead, follow the guidance in this post to get your computer or website back on track.
What is Ransomware?
Dummies Guide describes ransomware as “software that scrambles files and demands a payment before unscrambling.”
That’s the bones of it.
Ransomware is one of the most aggressive types of malware to date. In fact, it’s so common that it rarely makes the news unless an entire company, governmental agency or state department is taken out.
Anyone can be the target of ransomware. As long as you are using a computer, you are not exempt from the threats of ransomware.
Ransomware is often spread through social engineering techniques. Spoofed emails deceive people into opening malicious attachments. Hackers also trick people into downloading malware using legitimate social media platforms.
Seemingly harmless comments on Twitter or Facebook include a link leading victims to a so-called ‘drive-by download’ trap and then to an ‘infected’ website. Visiting that website triggers malware embedded in the site to download onto the user’s PC, all without their knowledge.
Looking to cover their tracks, hackers then demand payment via an online payment system that police can’t trace. The most common payment methods are cryptocurrency or Ukash.
Is it Ransomware?
First up, let’s be sure your computer has ransomware, not any other type of malware. With ransomware attacks, you’ll experience one of two things: a locked screen or inaccessible files. If one of these scenarios sounds familiar, chances are you’ve got ransomware. Let’s look at each in turn.
- Scenario 1. Encryption ransomware – Your Windows computer is telling you that “Windows can’t open this file,” or that the file is of an “Unknown file type.”
Mac users hit with ransomware are advised there is “No associated application,” or “There is no application set to open the document.”
Encryption ransomware can access everything on your computer. That includes all your personal data, documents, files, and photos, and website files. If the hacker takes your website files hostage, the landing pages may display a message other than the one expected.
Irrespective of your operating system, being denied access to your files is a sign of suspicious activity. Chances are, you will receive an email or a desktop notification explaining how to get these files back.
- Scenario 2 – You’re locked out of your computer and can’t get past an error message in a central place on your screen. The text you see depends on the ransomware author. Some claim to be from a law enforcement agency, an e-crime unit or an anti-fraud group. The usual line is that your computer has been used for illegal activities. So what’s next? You’ve guessed it. You have to pay a fine to have your computer or files back.
If either of the scenarios above looks familiar, it seems like you’ve got a ransomware problem.
Should You Pay?
It’s generally frowned upon to entertain a hacker by paying their ransom. Experts agree that hackers can use the money to fund other criminal activities. What’s more, you may be incentivizing them to keep going with the scam.
While things might feel desperate right now, resist any urge to pay just to have done with it. Think about the risk that even if you decide to pay, it’s unlikely the hacker will decrypt the files for you. And really, why should you hand over your money to criminals?
What To Do If You Are Infected with Ransomware
If you do contract ransomware, the best thing you can do is remain calm and follow these steps to limit the damage.
- Disconnect your computer, laptop, or any other affected gadget from the Internet. At this moment, the malware may be trying to send your data to the cyber scammer.
- Note down any information available about the virus and files affected, especially any files that are flagged by your security software or operating system. Failing that, check the malware message date, and if possible, make a note of the date the affected files were changed. This information is essential if you wish to restore your computer to an earlier (safer) version.
- Use another computer or tablet you believe is safe to search for details of the virus online.
- On this separate, safe device, change the passwords for any account logged into on the affected device.
- At this point, you might think about seeking the help of a security expert. A specialist may have the skills to discover more details about your specific ransomware problem.
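For the "note down the files affected and the date they were changed" step, here is an added example (not part of the original article) that goes a little further than the text: it walks a folder read-only, flags files whose first bytes no longer match the format their name claims, and reports the oldest such change. The function names, the small signature table and the sample files are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Well-known leading bytes ("magic numbers") for a few common formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".jpeg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def expected_magic(path):
    """Match a known extension anywhere in the name ('a.docx.locked' is .docx)."""
    known = [s.lower() for s in Path(path).suffixes if s.lower() in MAGIC]
    return MAGIC[known[0]] if known else None

def scan(root):
    """Read-only walk. Returns (mtime, path) for non-empty files whose first
    bytes no longer match the format their name claims, oldest change first."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            magic = expected_magic(path)
            if magic is None:
                continue  # format not in the table: nothing to compare
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(magic))
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if head and head != magic:
                hits.append((mtime, str(path)))
    return sorted(hits)

def earliest_change(hits):
    """UTC time of the oldest flagged change; pick a backup made before it."""
    return datetime.fromtimestamp(hits[0][0], tz=timezone.utc) if hits else None

def demo():
    """Constructed sample data: one intact PDF, one renamed and scrambled DOCX."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ok.pdf").write_bytes(b"%PDF-1.7 constructed sample\n")
        bad = Path(d, "thesis.docx.locked")
        bad.write_bytes(bytes((i * 73 + 41) % 256 for i in range(4096)))
        os.utime(bad, (1700000000, 1700000000))  # fixed, made-up change time
        hits = scan(d)
        return [Path(p).name for _, p in hits], earliest_change(hits)

if __name__ == "__main__":
    print(demo())
```

Malware can alter file modification times, so treat the reported time as an estimate and cross-check it against the date of the ransom message before choosing a backup.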
How Do You Get Rid of Ransomware?
Take a deep breath and follow these steps:
1. Identify Type of Ransomware
First up, you need to figure out the type of ransomware you’re dealing with. With this information, you can check whether a security company has created an antidote.
Often ransomware identifies itself. For example, many authors proudly go by a pseudonym you can run past Google. If that’s not obvious, look no further than ID Ransomware or Crypto Sheriff by the ‘No More Ransom’ project. With these sites, you should have no trouble pinpointing the problem.
2. Report to Authorities
Now you know what you’re dealing with, you can report the attack to the authorities. This step is a no-brainer. You’re not only doing potential victims a favor, but you’re also helping out the FBI.
As you can imagine, the FBI takes blackmail and fraud pretty seriously and urges victims to report it. Reporting an attack of this nature provides law enforcement agencies with a better understanding of the latest online threats. Witness accounts also justify ransomware investigations going forward, which helps everyone out.
Depending on the country, there are different options to report ransomware. US residents can file a report with the FBI via the Internet Crime Complaint Center. You can also contact the local law enforcement agency in your city or area and report your case to them.
3. Weigh Your Options
OK, you’re aware of your first option by now—to pay or not to pay. We’d encourage the latter for the reasons mentioned above. That leaves you with the following alternatives:
- Option 1. Try to remove the malware. This involves taking some extra steps to identify what you’ve been hit with to remove it correctly.
- Option 2. Alternatively, you can wipe your system and start from scratch (losing all your data). Ransomware has a bigger sting in its tail. Among security experts, it’s contested whether you can completely remove an infection. With the number of new ransomware variants rising by the day, it’s impossible to expect a decryptor for every known version.
The only way to be absolutely sure all traces are gone is to do a complete wipe of your OS and reinstall everything.
4. Remove the Ransomware or Restore from a Backup
The next step you take depends on whether you have access to your computer’s hard drive or not.
Follow the method that applies:
- If your PC hard drive is accessible – It’s possible to install software programs designed to remove ransomware. There are plenty of free programs to keep ransomware at bay. Ransomware decryption tools are designed to unlock your encrypted files (instead of paying). Software like Avast provides details like what extension you’ll see on decrypted files and an example of the type of message the virus authors send.
Once you have downloaded the appropriate tool, it will guide you through the steps to wipe out the ransomware. File decryption can take anything from a couple of minutes to several hours depending on the complexity of the encryption at work.
- If you are locked out of your PC – There is hope to get your files back, even with a locked computer. To release your locked PC, there’s a secret weapon: Trend Micro Ransomware Screen Unlocker Tools.
Take back control by booting up your computer in ‘Safe Mode’ with Networking. Once the tool is installed on the affected PC, reboot the standard way (launching your locked screen). Then hold the keys [Ctrl]+[Alt]+[T]+[I] to launch the ransomware scan and removal.
If you’re struggling to access Safe Mode with Networking via the BIOS menu, download an alternative version of the tool on an uninfected computer. Save it on a USB stick, which is then used to boot the locked machine. Once triggered, it will perform a ransomware scan, remove any ransomware it detects, and release the PC.
- On a Mac? – It’s widely documented that the majority of ransomware victims are Windows users, but Mac fans aren’t completely home safe. The KeRanger ransomware virus circa 2016 was the first to successfully target the OS. It was quickly contained thanks to Apple’s built-in anti-malware program ‘XProtect.’ Following this attack, Mac ransomware is no longer theoretical. If you suspect your Mac is infected, refer to this guide for instructions on how to rescue your Mac.
Instead of removing the hacker’s malicious software, you can simply restore your computer back to a safer version. If you have backups to fall back on, fantastic. Your OS settings and other essential files can be reinstated to a time before you got infected. To get the latest clean version of your data, refer back to step one, where you determined the date of infection as accurately as possible.
- To restore Windows – To restore Windows to an earlier version, follow the instructions from the Microsoft support team found here.
- To restore Mac OS – To restore to an earlier backup of your Mac, follow these instructions.
If on the other hand, you’ve decided to wipe your system clean and start again, here’s what to do.
- To reinstall Windows – the steps to reinstall Windows can be found here.
- To reinstall Mac OS – follow these instructions from Apple’s tech support.
How to Prevent Ransomware
You’ve seen first-hand what’s at stake when it comes to ransomware. Now you’ve removed it from your system, how do you make sure it stays that way? Or if you haven’t fallen victim yet, how do you make sure it never happens to you?
The best way to protect yourself from ransomware is to prevent it from getting on your computer in the first place.
- Always run reputable antivirus software. Small businesses might benefit from tools designed with them in mind. Kaspersky Anti-Ransomware Tool for Business, for example, is designed to prevent infection in the first place rather than having to act out the steps earlier on this page.
- Make a concerted effort to keep everything up-to-date: your operating system, antivirus software, and all browser-related components (Java, Adobe, and the like). It’s easy to click away from those annoying pop-ups asking to install a new update, but these updates often include security patches covering the latest security vulnerabilities.
- Keep your web browser clean of any junk. This covers anything that could invite adware that leads to malware infections. If you’ve got junk toolbars and add-ons, make sure they’re legitimate.
- Only open emails from recognized senders and use caution before opening or clicking on any links or attachments. It’s a good idea to verify the URL before clicking on any links found in an email too.
- To protect yourself from the fallout of a future attack, always have a sound backup system in place. Then you can simply revert back to a recent (clean) version.
- Be extra wary of text messages (SMS) claiming to be from your bank. Never send any personal data over text.
- Read our guide to “avoid being a victim of ransomware” for best practices going forward.
Have you been a victim of ransomware? Let us know in the comments, as well as any suggestions you might have for others in the future.
This has been a very helpful article. These types of hacking happen quite often but are not talked about very often, nor are the steps to take in the event someone faces ransomware listed. Great job team Namecheap.