Don’t Pay Up – How To Beat Ransomware!


Just imagine if someone showed up on your doorstep and said, “Hey, there’s mice in your house that you didn’t know about. Give us $100 and we’ll get rid of them.” This is the Ransomware Scam in its original form. There actually used to be people that would go around, let pests into your house and then knock on your door and point them out to you. “Good thing we saw them while driving by!” This scam must be making someone some good money because it’s still going on.

The scam needs a few things to be successful. First, the problem must be real. Whether the crook is putting mice in your crawlspace or malware on your computer, there is a real and verifiable threat. Second, they have to make themselves look like credible experts to make you think they can solve the problem. This could be an exterminator truck and coveralls, or the illegal use of an official logo like the RCMP. Third, they need to get your cash in hand quick before you can realize what’s going on. The exterminator might do this by saying something like, “Just give us $100 cash and we don’t have to charge you for a service call because we were already in the neighbourhood.” The online crook will take your credit card or a gift card.

Where things really take two different tracks between the real-life con and the online con is what can happen after you’ve paid them off. The real-life scum generally disappear, never to be heard from again. The online scum may leave behind malware that opens you up to them again and again. Or if they got your credit card and other personal information, they may just ruin your life as you know it.

First Things First

Yes, you’re going to get the whole “an ounce of prevention is worth a pound of cure” speech. Why? Because it is true.

Make sure that you are using a full gamut of security software – anti-virus, firewall, anti-phishing software, what have you. There are plenty of freeware versions out there that are very good. Make sure that all of your security software is up-to-date, and all the important security updates for your operating system are installed. Make sure that you are using your computer’s System Restore utility or back-up software. Try to stick only to reputable websites, don’t download pirated materials, and only open attachments that you are expecting to receive.
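To check the System Restore link in that chain on a healthy machine, here is an added example (not part of the original article) that uses Windows PowerShell's built-in restore cmdlets to confirm System Restore is on and that a recent restore point exists. The 7-day threshold, the checkpoint description and the variable names are assumptions; run it from an elevated Windows PowerShell 5.1 prompt.

```powershell
# Added example: audit System Restore before you ever need it.
# Assumptions: Windows PowerShell 5.1, run as Administrator,
# and a restore point older than $MaxAgeDays counts as stale.
$Drive      = "$env:SystemDrive\"   # normally C:\
$MaxAgeDays = 7

# Returns nothing when protection is off or no restore points are left.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)

if ($points.Count -eq 0) {
    Write-Warning "No restore points found. Turning System Restore on for $Drive"
    Enable-ComputerRestore -Drive $Drive
    $newest = $null
}
else {
    # CreationTime is a WMI (DMTF) timestamp string, so convert it first.
    $newest = $points |
        ForEach-Object {
            [pscustomobject]@{
                Sequence    = $_.SequenceNumber
                Description = $_.Description
                Created     = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            }
        } |
        Sort-Object Created -Descending |
        Select-Object -First 1

    'Newest restore point: #{0} "{1}" created {2:yyyy-MM-dd HH:mm}' -f `
        $newest.Sequence, $newest.Description, $newest.Created
}

# Create a fresh restore point if there is none or the newest is stale.
if (-not $newest -or $newest.Created -lt (Get-Date).AddDays(-$MaxAgeDays)) {
    Checkpoint-Computer -Description 'Manual checkpoint (added example)' `
                        -RestorePointType MODIFY_SETTINGS
    'Requested a new restore point.'
}
else {
    'A recent restore point exists; nothing to do.'
}
```

Restore points sit on the same disk as Windows, so keep a separate backup as well.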

But, unfortunately, if you’re reading this, you probably missed a link in that chain somewhere. So what now?


Is It Ransomware?

So how do you know you’re being taken? Here’s a few clues:

  • Microsoft does NOT make house calls.
  • The police DO make house calls.
  • The software that the ransomware claims to be is NOT the security software that you installed.
  • Helpful people don’t disable the rest of your computer until you pay them.

If any of the above apply to your situation, you just might have ransomware.


Now What?

Force your computer to power down. Most often this can be done just by holding the power button down for a few seconds. Before you get ready to power your computer up again, be ready to hit the F8 button. What I normally do is hit the power button and start tapping the F8 key about once a second until I get a text screen like the one below.


Now, choose Safe Mode with Command Prompt. You’ll see some text go flying by and eventually you’ll just see a line of text with a cursor blinking at you. At this point, type this in and hit Enter:



Why do you have to do this from the command line? You might not have to, but the most recent and virulent police/RCMP/ukash ransomware only seems to be beatable this way. The command line mode of Windows only loads the MOST essential services and does not connect you to your network or Internet connection.

Once the System Restore utility opens, hopefully you’ll have a few restore points to choose from. Choose one that is definitely a time before you got the ransomware. Follow the prompts to restore your Windows installation to that point in time. The restoration process might take a little time, so relax.


Reboot your computer and allow it to go into Windows normal mode. That’s done by just sitting back and letting the computer do its thing. The ransomware should now be gone.

Run your antivirus software and perform as thorough a scan of all your hard drives as possible. This might take a little while so relax and have a fine beverage.

Once this is all done, you may want to scan your computer with another antivirus program. Let’s face it, yours missed it the first time. ClamWin is a decent one that can be run from a USB drive.

I Disabled System Restore

Why? I bet you feel a little silly now, don’t you? Fret not, there are still ways to remove this ransomware. You’ll need the following:

  • An empty USB drive or CD to which you can burn files.
  • A computer with an Internet connection that is not infected.
  • A little patience and courage.

Get on the Internet and look for Windows Live Repair CDs. There are a bunch of them out there, but you can use any of the ones that Justin mentions in his article, Three Live CD Antivirus Scanners You Can Try When Windows Won’t Start. They are all EXCELLENT choices. I keep all three in my IT toolkit.

If you’re looking for bootable USB tools, you can try Dave’s article The PC Repair Toolkit in your Pocket: Boot CD on a USB Stick. Sure, the article is from 2008, but the method and software are still valid and work like a charm.

How Do I Use The CD Or USB Drive?

Before you power down your computer, you want to put the CD into your CD drive. If you are using the USB drive option, wait until the computer is powered down to insert it.

Now restart the computer. As it is restarting you’ll need to tap the button that will give you the Boot Menu. On my Acer, it’s F12. It may be different on your computer. Once you get the boot menu, choose to boot from the CD/DVD drive or the USB drive – whichever applies to you.


Your computer is going to use the USB or CD drive as its operating system, so don’t expect to see anything like Windows. Use the antivirus software that is on the USB/CD to give a complete and thorough scanning and cleaning of your computer. Follow the antivirus software’s recommendations, which will usually be to delete the offending files. This process may take anywhere from 20 minutes to a few hours depending on the size of your hard drive and the boot CD/USB that you are using. You can’t wander away, though; stay there to respond to the alerts.

Once the process is done, log out of the USB/CD boot software, remove the USB/CD, and reboot your computer. You should now be ransomware free. If you are confident in your abilities, you may want to clean your registry once the computer reboots to remove any lingering bits and annoyances. Piriform’s CCleaner registry cleaning function is pretty good for this.

There it is. That’s as hard as it gets. I hope you don’t have to experience this issue, but if you do, I hope that I’ve been able to help you out. Worst case scenario, you shut the computer down and take it to your trusted IT person. Yes, you might be a little embarrassed that you got the ransomware in the first place – it usually comes from doing things you shouldn’t or those entertainment sites that aren’t for minors. But you’ll get the problem dealt with and enjoy a lesson learned. Plus your IT person has probably been to some of the same sites anyway – we’re all human.

If you’ve got any questions about what else you can do to remove or prevent ransomware, let us know in the comments. Our writers and fans are some of the best on the web, and can probably help you out – for free.

Image credit: Locked and chained computer via Shutterstock

Comments (32)
  • Everseeker

    Of note: Recently, Ransomware has become much worse…
    1. you accidentally come across a site with an image of a cute lady…
    2. Virus wanders in (quietly)... waits for a lack of activity. It encrypts all your stuff
    3. It looks for links to external stores and encrypts them too (Bye-Bye all backups on “Drive D”)
    4. THEN, it delivers the bad news to you…
    5. You can’t go into safe mode… all the system restores are gone…
    6. Of note: They are pretty much honoring their promise to restore on payment…

  • SmartyPants

    For Windows users, there is sometimes another way. Instead of opening with command prompt, select the option safe mode (not with networking and not with command prompt). Once you do that click start –> programs –> startup and see what programs are in there. There is a Microsoft program that executes a file that “bad” people can paste into your startup. If you have Malwarebytes installed, scan your program files folders because that is where the virus usually is. If it is not there, right click –> properties on the Microsoft program and look at the location of the file. Scan the folder of that file and once the problem is found, you should be able to start without the problem!

  • Larry Maupin

    Or buy a Mac. ;) Virus free for 16 years.

    • Guy McDowell

      Are you sure it isn’t just your conscientious use and being ever-vigilant? ;-)

      My personal PC’s haven’t had a virus in over 10 years. I realize that’s mostly just because I am a vigilant user and apply the preventative methods that we all say we do, but then don’t.

  • Michael W

    My brother was “caught” by one of these ransomware programs a few months ago – his machine booted into a screen warning that he had gone to an illegal site, the FBI had been notified and he would need to pay $200 thru Moneypak to unlock his system. Since he was unable to bypass the warning screen he called me to take a look at it.

    Fortunately I was able to reboot the system into “safe mode” and scan the system with a previously installed version of Malwarebytes Anti-Malware (which identified the infected files and removed them from the system…) I then RESCANNED the system using SuperAntiSpyware and an Avira AntiVirus Rescue Disk. Once I was satisfied that I had removed the program (and checked the add/remove programs for recently installed applications) I rebooted the system as normal.

    One thing I will caution is ALWAYS get your anti-virus and anti-malware programs from a trusted site. DO NOT click OK to download a “free program” if you get a popup on the screen when you’re surfing the internet – you’ll often end up downloading a phony program that can act as a trojan, disable your existing anti-virus/malware programs and infect your system or hijack your browser and search settings. If you do get such a message, close your browser immediately, reboot your system into safe mode and scan your system using a program like Malwarebytes AntiMalware or SuperAntiSpyware.

  • android underground

    Why try to clean a dirty system if you can simply replace it with a clean copy? System Restore is unreliable, and you can never be sure that your antivirus apps really clean up all the dirt. There’s not a single AV that catches everything, and they’re trailing behind the malware by definition.

    If you want to be totally sure you can clean your system you should use drive imaging instead.

    1) Keep windows and your programs on one partition, keep your data on another. If Windows sits on drive C, your data should be somewhere else.
    2) Use drive imaging software to auto-backup your system every night. This way you always have multiple copies of a clean system without lifting a finger. Restore the last clean image whenever your computer smells fishy.

    There are plenty of excellent free drive imaging programs out there. Many of them can automate the process and make incremental backups to go easy on your disk space. You can run all of them from CDs and USB sticks. And they can backup/restore your boot sector, so you can exterminate all rootkits.

    Antivirus programs are like cutting the long threads of the mold out of your rotten sandwich, restoring a drive image is like pulling a fresh loaf from the oven.

    • Guy McDowell

      If you had to put a percentage on it, what percent of users do you think, actually plan ahead like this? I’m guessing 10%.

      I agree with you, but you’re preaching to the choir.

    • android underground

      1) Get bitten by ransomware.
      2) Google for solution.
      3) Find MUO post by Guy McDowell that tells you how to remove ransomware and make drive images to be prepared for next time your computer catches fire.

      The percentage may be 10% now, but by writing stories for a site like this you have the opportunity to increase that percentage a little bit. MUO it!

    • Guy McDowell

      Fair enough. Having Windows Restore operating is a start. Hopefully people who need this help will read the comments to see that there are even more thorough and better options to Windows Restore in case of something this damaging.

      We also have quite a few articles covering drive imaging and how to do that for most major OS’ on MUO. Might not hurt to bring it up again though.

    • Michael W

      Like Guy I would agree that having a drive image and restoring that would be a better choice for ensuring that you have a fully clean system – but most users are like my brother – they don’t do regular backups, don’t keep their systems current and often fail to use anti-spyware/malware/virus programs correctly. Although my brother has owned several computers over the years he is lousy when it comes to maintaining the systems. If his anti-virus program doesn’t auto-update he would likely never get the latest definitions. Even though he has anti-malware software on his computer he doesn’t regularly update the program and even Windows is often not updated although Microsoft makes it really easy to do.

      My other brother is better at maintaining his system, but he still doesn’t do regular backups or drive imaging. Most of the free drive imaging programs (like the free version of Macrium Reflect) don’t do incremental backups and even then the user needs to have the backup drive connected. I often send him reminders that he needs to backup his systems (as well as his college-age kids who both have laptops) but I’ll bet that he probably hasn’t made a backup of his systems in several months.

      One thing I do is have two hard drives in my desktop system – I image the primary drive to the second drive and maintain multiple images on it (every few weeks I re-image the system overnight and delete an older image). If I get hit with a virus, malware or have a system issue I can boot from a rescue CD and restore an earlier disk image to the primary drive. I also have a pristine disk image of my Windows installation that I restore periodically and update for the latest Microsoft updates. That way I can eliminate the need to reinstall Windows if I want to go back to scratch. I can quickly restore the operating system and then choose to add the software of my choice afterwards.

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.