Ransomware — software that holds your PC or mobile to ransom — is on the rise. Scammers know that by locking up a victim’s valued data, there is a strong chance that they will pay to have it released.
A quick glance at our search page reveals that there have been ransomware attacks on Windows, on Android, and even on Mac in the past few months. It doesn’t matter what platform you use: there is a chance that ransomware scammers will attack, even if their data-encrypting tools don’t really work (as was the case with this OS X ransomware scam).
Ransomware can target anyone, regardless of location or wealth. But what can you do about it?
Fortunately, several steps can be taken to avoid ransomware infection. Even if your PC or mobile is locked up, your data encrypted, never to be seen again unless you pay up, there are now tools you can use to recover it.
In short, ransomware removal is a two-stage process:
- Remove the ransomware.
- Decrypt (or restore) the data.
We’ll look at the decryptors you can use later in the post. First, let’s have a look at what you can do to avoid ransomware altogether.
You don’t want to be in a position to have to remove ransomware. Doing so, regardless of how good the tools are, is potentially time-consuming. It might also involve a certain amount of prayer, regardless of how little faith in a higher power you may currently possess.
Quite simply, you don’t want scammers infecting your computer or mobile with ransomware. This malware will seek out your data — recognizing the default libraries for your operating system — and lock it all with encryption. You’ll only get the chance to rescue your data if you pay up to receive the decryption key.
And that could cost hundreds, or even thousands, of dollars.
To avoid putting yourself through the wringer of ransomware removal, the best option is to make sure you don’t get it in the first place. So, how do you do this?
Always Back Up Your Data
It doesn’t matter whether you’re using a cloud backup or you create an image of your HDD — having a regular backup routine is imperative in the modern age. For the best results, you should back up twice. Make sure one of these is local and the other remote (typically a cloud service), and remember to disconnect from each once the backup is made.
We regularly underline the importance of backing up data. It really cannot be underlined enough.
However, wherever possible, it’s also a good idea to ensure that your vital data — documents, photos, videos, projects, etc. — is stored on a separate device to your operating system. At the very least, save them to a different partition. While modern ransomware is wise to this trick, older malware is not. It’s a lot less painful to reformat an encrypted hard disk drive that only had an operating system on it.
Update Your Operating System and Applications
Whether you’re using Windows or Android (the two biggest targets for ransomware), always ensure that your operating system is up to date. Accept and run Windows updates, check for and install updates on your Android phone or tablet. In the case of Android, note that if you’re using a custom ROM that isn’t regularly updated, you risk security issues.
Similarly, you should ensure that your software is updated as soon as updates become available. This ensures that security updates to the apps are applied, which should include fixes for any security issues.
Install a Competent Anti-Virus Solution
We don’t particularly like haranguing you over this matter. But if you’re not using an exceptional free AV solution, or a good quality paid option (such as BitDefender, for example), then you’re leaving yourself wide open to attack. Various methods have been used by ransomware attackers to infect systems. These include email, instant messaging, and torrent downloads. Having protection against ransomware getting onto your system is vital.
Additionally, a good quality security suite should offer the ability to protect your personal folders from unauthorized access by unrecognized apps.
Who Do You Trust Online?
The answer to this question should be simple: no one.
It doesn’t matter if we’re talking about your parents, partner, or boss. No one can be trusted online, because everyone makes mistakes. Mistakes can mean security issues, and we want to avoid those — especially if they lead to ransomware.
So, never open email attachments from people you don’t know. For those you do know, make sure your antivirus suite has an email scanning tool. If you use Gmail, ensure attachments are scanned before you open them.
Ransomware Removal Tools You Can Download for Free
So, what if you have been infected by ransomware? The demand for payment is probably sitting on your computer or mobile display right now. Perhaps it’s even increasing daily.
What can you do?
In the past, we’ve seen a variety of tools designed to remove ransomware from your system, and unlock your “stolen” data. The effectiveness of these utilities would depend upon the type of ransomware infection. For instance, early ransomware could be overcome with common ingenuity. On the other hand, modern ransomware often manages to reign supreme over its targets unless there is a problem with the encryption system used. For instance, one or two ransomware strains have relied on a single decryption key for all or many attacks, making them more prone to failure.
Several tools have been provided, free of charge, to people whose data is held by ransomware. Before using these, however, please run your antivirus/antimalware solution of choice to remove the ransomware from your system. Your files will remain encrypted at this stage, but you don’t want to decrypt them later only for the ransomware to encrypt them again!
7 Free Ransomware Decryptors
Over at NoMoreRansom.org, you’ll find a bunch of new and/or updated tools for dealing with a wide selection of ransomware encryptions. These seven tools (more are available elsewhere) are intended to decrypt the data on your hard disk drive, and have been provided by Intel Security and Kaspersky Lab.
- WildFire Decryptor — As you might guess from the name, this will decrypt files encrypted by WildFire.
- Chimera Decryptor — This will tackle files encrypted by Chimera.
- Teslacrypt Decryptor — Hit by TeslaCrypt v3 and v4? This will help.
- Shade Decryptor — Decrypts files with the extensions XTBL, YTBL, BREAKING_BAD, and HEISENBERG.
- CoinVault Decryptor — Decrypts files encrypted by Coinvault and Bitcryptor.
- Rannoh Decryptor — Deals with files encrypted by Marsjoke/Polyglot, Rannoh, CryptXXX v1 and 2 and others.
- Rakhni Decryptor — This will decrypt files encrypted by Chimera, Rakhni, Agent.iih, Aura, Bitman/TeslaCrypt v3 and 4, and several others.
For full details of each decryption tool, head to the NoMoreRansom.org site.
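An added example (not from the article or from any decryptor vendor): a read-only Python inventory of files carrying the Shade extensions listed above, useful for sizing the damage once the ransomware itself has been removed and before a decryptor is run. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions the article lists for Shade-encrypted files, lower-cased for matching.
SHADE_EXTENSIONS = {".xtbl", ".ytbl", ".breaking_bad", ".heisenberg"}


def inventory_shade_files(root):
    """Return (sorted paths, count per extension, total bytes) under root.

    Read-only: files are never opened, renamed or deleted.
    """
    matches, counts, total = [], Counter(), 0
    # os.walk skips directories it cannot list, so the scan keeps going.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in SHADE_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                total += os.path.getsize(path)
            except OSError:
                pass  # unreadable or vanished; still list the path
            matches.append(path)
            counts[ext] += 1
    return sorted(matches), dict(counts), total


def demo():
    """Run the inventory over a constructed sample tree (not real victim data)."""
    sample = {
        "Documents/report.docx.xtbl": 10,
        "Pictures/holiday.jpg.BREAKING_BAD": 20,  # upper-case, as the article writes it
        "Pictures/cat.jpg": 5,                    # untouched file, must be ignored
        "notes.txt.ytbl": 7,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, size in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
        paths, counts, total = inventory_shade_files(root)
        return [os.path.relpath(p, root) for p in paths], counts, total


if __name__ == "__main__":
    files, per_ext, size = demo()
    print(f"{len(files)} files, {size} bytes, by extension: {per_ext}")
```

To scan a real folder, call `inventory_shade_files()` with its path and compare the total against your most recent backup before deciding whether to decrypt or restore.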
If you’re interested in how ransomware decryptors work, it’s worth taking a look at the how-to guides for all of these decryptors. Here you’ll find clues as to how the decryptors work — for instance, Rakhni Decryptor will work even quicker if a particular file has been left on your hard drive by the ransomware.
How Did You Defeat Ransomware?
Despite these tools, we need to be realistic. Putting ransomware developers on the back foot will only prompt them to be even more inventive. We’re already hearing about a new ransomware (currently disabled) that encrypts individual files rather than directories, partitions, or drives. How tough would it be to decrypt thousands of Word documents or family memories in JPEG form? And that’s before we consider the specter of AI-driven ransomware.
This is why precaution, rather than decryption, is the way to protect yourself from ransomware.
Have you been affected by ransomware? Have you tried any of these tools, or did you prefer to restore from a backup? Tell us about it in the comments.