In the fight against an infection, both the type of ransomware and the time at which the attack is detected matter. Not all classes of ransomware can be removed, and it is not always possible to restore access to files that have been encrypted. We tell you about three ways in which you can fight against infection.

“We are committed to providing the best possible experience for our clients. We go above and beyond to make sure that they are satisfied with our services.”

Ransomware detection: the sooner the better

If you detect a ransomware infection before the extortionists demand money from you, you will have the advantage of being able to remove the malware. If you remove the ransomware, the information that has already been encrypted will remain in that state, but at least you will be able to stop the infection. Early detection will also prevent malware from spreading to other devices and encrypting even more files.

If you have backup copies of your information in a cloud service or external media, you can use them to restore the encrypted files. What if you don’t have a backup? In that case, we recommend that you contact the company that created your security solution. They may have a specific decryption tool for the ransomware that affected you. There you will find helpful resources for victims of ransomware, prepared by companies and organizations in the sector.

Instructions to remove encryption ransomware

If you have fallen prey to an encryption ransomware attack, you can do the following to remove the Trojan:

Step 1: Disconnect from the Internet

As a first step, disable all virtual and physical connections. Disconnect all wired and wireless devices, any external disks or storage drives, and all your cloud accounts. In this way, you will be able to prevent ransomware from spreading over the network. If you suspect other affected areas, complete the backup steps below for those areas.

Step 2: Investigate with the help of your security software

Use your device’s security software to run a virus scan. It will help you identify threats. If the scan detects dangerous files, delete or quarantine them. You can delete these files by hand or allow the antivirus to do it automatically. If you don’t have much experience, let the antivirus take care of it.

Step 3: Use an anti-ransomware decryption tool

If you have been infected with encryption ransomware, you will need a specific tool to regain access to your files. Kaspersky works around the clock to analyze the latest ransomware cases and provide decryption tools to help counter attacks.

Step 4: Restore your backup

If you have backups on an external drive or cloud service, create a backup of any files that the ransomware failed to encrypt. If you don’t have any backups, wiping your device and restoring your data will be much more difficult. To avoid this situation, it is advisable to create backup copies periodically. If you tend to forget about these things, add a reminder to your calendar or use a solution that creates backups and saves them to the cloud automatically.

How to remove lock ransomware

When ransomware locks the device’s screen, the first problem is to get to the interface of the security software. One possible solution is to start the computer in Safe Mode; In some cases, this mode prevents the screen locker from loading and gives the victim the ability to interact with the antivirus and attack malware.

To pay or not to pay, that is the question

Paying is usually not recommended. If the police choose not to negotiate with the kidnappers in real life, you should do the same if someone gets hold of your files. Why is it not recommended to pay? Because there is no guarantee that the extortionists will comply with decrypting your files. Paying, furthermore, is showing criminals that the business works and encouraging them to continue committing crimes.

If you plan to pay what they ask you anyway, make sure you don’t remove the ransomware. This will depend on the type of ransomware or what the criminal has in mind to decrypt your files, but you may need it to apply a decryption code. If you remove the malware early, the code you paid so much for may be useless. Now, if you are sent a decryption code and it works, then make sure, as soon as your files are decrypted, to remove the ransomware from your computer.