Don’t Pay Up – How To Beat Ransomware!

Ads by Google

how to beat ransomwareJust imagine if someone showed up on your doorstep and said, “Hey, there’s mice in your house that you didn’t know about. Give us $100 and we’ll get rid of them.” This is the Ransomware Scam in its original form. There actually used to be people that would go around, let pests into your house and then knock on your door and point them out to you. “Good thing we saw them while driving by!”  This scam must be making someone some good money because it’s still going on.

The scam needs a few things to be successful. First, the problem must be real. Whether the crook is putting mice in your crawlspace or malware on your computer, there is a real and verifiable threat. Second, they have to make themselves look like credible experts to make you think they can solve the problem. This could be an exterminator truck and coveralls, or the illegal use of an official logo like the RCMP. Third, they need to get your cash in hand quick before you can realize what’s going on. The exterminator might do this by saying something like, “Just give us $100 cash and we don’t have to charge you for a service call because we were already in the neighbourhood.” The online crook will take your credit card or a gift card.

Where things really take two different tracks between the real-life con and the online con is what can happen after you’ve paid them off. The real-life scum generally disappear, never to be heard from again. The online scum may leave behind malware that opens you up to them again and again. Or if they got your credit card and other personal information, they may just ruin your life as you know it.

First Things First

Yes, you’re going to get the whole “an ounce of prevention is worth a pound of cure” speech. Why? Because it is true.

Make sure that you are using a full gamut of security software – anti-virus, firewall, anti-phishing software, what have you. There are plenty of freeware versions out there that are very good. Make sure that all of your security software is up-to-date, and all the important security updates for your operating system are installed. Make sure that you are using your computers System Restore utility or back-up software. Try to stick only to reputable websites, don’t download pirated materials, and only open attachments that you are expecting to receive.

But, unfortunately, if you’re reading this, you probably missed a link in that chain somewhere. So what now?

Ads by Google

Is It Ransomware?

So how do you know you’re being taken? Here’s a few clues:

  • Microsoft does NOT make house calls.
  • The police DO make house calls.
  • The software that the ransomware claims to be is NOT the security software that you installed.
  • Helpful people don’t disable the rest of your computer until you pay them.

If any of the above apply to your situation, you just might have ransomware.

how to beat ransomware

Now What?

Force your computer to power down. Most often this can be done just by holding the power button down for a few seconds. Before you get ready to power your computer up again, be ready to hit the F8 button. What I normally do is hit the power button and start tapping the F8 key about once a second until I get a text screen like the one below.

best ransomware removal

Now, chose Safe Mode with Command Prompt. You’ll see some text go flying by and eventually you’ll just see a line of text with a cursor blinking at you. At this point, type this in and hit Enter:

C:\windows\system32\rstrui.exe

best ransomware removal

Why do you have to do this from the command line? You might not have to, but the most recent and virulent police/RCMP/ukash ransomware only seems to be able to be defeated in this manner. The command line mode of Windows only loads the MOST essential services and does not connect you to your network  or Internet connection.

Once the System Restore utility opens, hopefully you’ll have a few restore points to choose from. Choose one that is definitely a time before you got the ransomware. Follow the prompts to restore your Windows installation to that point in time. The restoration process might take a little time, so relax.

best ransomware removal

Reboot your computer and allow it to go into Windows normal mode. That’s done by just sitting back and letting the computer do its thing. The ransomware should now be gone.

Run your antivirus software and perform as thorough a scan of all your hard drives as possible. This might take a little while so relax and have a fine beverage.

Once this is all done, you may want to scan your computer with another antivirus program. Let’s face it, yours missed it the first time.  ClamWin is a decent one that can be run from a USB drive.

I Disabled System Restore

Why? I bet you feel a little silly now, don’t you? Fret not, there are still ways to remove this ransomware. You’ll need the following:

  • An empty USB drive or CD to which you can burn files.
  • A computer with an Internet connection that is not infected.
  • A little patience and courage.

Get on the Internet and look for Windows Live Repair CD’s. There are a bunch of them out there, but any of the ones that Justin mentions in his article, Three Live CD Antivirus Scanners You Can Try When Windows Won’t Start. They are all EXCELLENT choices. I keep all three in my IT toolkit.

If you’re looking for bootable USB tools, you can try Dave’s article The PC Repair Toolkit in your Pocket: Boot CD on a USB Stick. Sure the article is from 2008, but the method and software are still valid and works like a charm.

How Do I Use The CD Or USB Drive?

Before you power down your computer, you want to put the CD into your CD drive. If you are using the USB drive option, wait until the computer is powered down to insert it.

Now restart the computer. As it is restarting you’ll need to tap the button that will give you the Boot Menu. On my Acer, it’s F12. It may be different on your computer. Once you get the boot menu, choose to boot from the CD/DVD drive or the USB drive – whichever applies to you.

how to beat ransomware

Your computer is going to use the USB or CD drive as its operating system, so don’t expect to see anything like Windows. Use the antivirus software that is on the USB/CD to give a complete and thorough scanning and cleaning of your computer. Follow the antivirus software’s recommendations, which will usually be to delete the offending files. This process may take anywhere from 20 minutes to a few hours depending on the size of your hard-drive and the boot CD/USB that you are using. You can’t wander away though, stay there to respond to the alerts.

Once the process is done, log out of the USB/CD boot software, remove the USB/CD, and reboot your computer. You should now be ransomware free. If you are confident in your abilities, you may want to clean your registry once the computer reboots to remove any lingering bits and annoyances. Piriform’s CCleaner registry cleaning function is pretty good for this.

There it is. That’s as hard as it gets. I hope you don’t have to experience this issue, but if you do, I hope that I’ve been able to help you out. Worst case scenario, you shut the computer down and take it to your trusted IT person. Yes, you might be a little embarrassed that you got the ransomware in the first place – it usually comes from doing things you shouldn’t or those entertainment sites that aren’t for minors. But you’ll get the problem dealt with and enjoy a lesson learned. Plus your IT person has probably been to some of the same sites anyway – we’re all human.

If you’ve got any questions about what else you can do to remove or prevent ransomware, let us know in the comments. Our writers and fans are some of the best on the web, and can probably help you out – for free.

Image credit: Locked and chained computer via Shutterstock

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Windows Tips
Windows Tips
675 Members
Windows_10
Windows_10
535 Members
Windows Troubleshooting
Windows Troubleshooting
462 Members
Best Windows Software
Best Windows Software
397 Members
Computer Hardware Talk
Computer Hardware Talk
277 Members
Affiliate Disclamer

This article may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
New comment

Please login to avoid entering captcha

Log In