How to remove ransomware: Use this battle plan to fight back

A combination of common sense, backup, proactive protection, and automated removal tools is a solid defense against the growing scourge of ransomware.

Ransomware doesn’t sneak into your PC like ordinary malware. It bursts in, points a gun at your data, and screams for cash—or else. And if you don’t learn to defend yourself, it could happen again and again.

Armed gangs of digital thieves roaming the information superhighway sounds like an overwrought action movie, but the numbers say it’s true: Ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, even as the number of malware attacks declined. Why steal data when you can simply demand cash?

For the first time ever, the RSA security conference in San Francisco held a comprehensive one-day seminar on ransomware, detailing who’s being attacked, how much they’re taking—and, more importantly, how to block, remove and even negotiate with the crooks holding your data hostage.

Ransomware hits you where it hurts—so prepare

Ransomware threatens the loss of baby photos, tax documents, and other personal data. A survey by Datto found that CryptoLocker, which hunts down and imprisons your personal documents via time-locked encryption, is by far the most prevalent, however, the types of threats vary. One ransomware took over a victim’s webcam threatened to post embarrassing footage it captures online.

A few common-sense habits can help mitigate your exposure to malware and ransomware, experts say:

Keep your PC up to date via Windows Update.

Ensure you have an active firewall and antimalware solution in place. Windows Firewall and Windows Defender are barely adequate, and a good third-party antimalware solution is far better.

Don’t rely on antimalware to save you, however. Experts speaking at the RSA session reminded attendees that antivirus companies were only just getting around to addressing ransomware, and their protection isn’t guaranteed.

Ensure that Adobe Flash is turned off, or surf with a browser, like Google Chrome, that turns it off by default.

Turn off Office macros, if they’re enabled (In Office 2016, you can ensure they’re off from the Trust Center > Macro Settings, or just type “macros” in the search box at the top, then open the “Security” box).

Don’t open questionable links, either on a webpage or especially in an email. The most common way you’ll encounter ransomware is by clicking on a bad link. Worse still, about two-thirds of the infections that Datto tracked were on more than one machine, implying that infected users forwarded the link and exposed more people.

Likewise, stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you’re not careful, but the risks increase if you’re surfing where you shouldn’t.

For dedicated antimalware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting ransomware. RansomFree has also developed what it calls anti-ransomware protection. Typically, however, antimalware programs reserve anti-ransomware for their paid commercial suites. You can download free anti-ransomware protection like Bitdefender’s Anti-Ransomware Tool, but you’re protected from only four common variants of ransomware.

A good, but not perfect, defense: Backup

Ransomware encrypts and locks up the files that are most precious to you—so there’s no reason to leave them vulnerable. Backing them up is a good strategy.

Take advantage of the free storage provided by Box, OneDrive, Google Drive, and others, and back up your data frequently (But beware—your cloud service may back up infected files if you don’t act quickly enough). Better yet, invest in an external hard drive—a Seagate 1TB external hard driveis only $55 or so—to add some less-frequently accessed “cold storage.” Perform an incremental backup every so often, then detach the drive to isolate that copy of your data (CIO.com has some additional backup advice to help defeat ransomware, as does our earlier story).

If you are infected, ransomware may allow you to see exactly which files it’s holding hostage via File Explorer. One clue may be ordinary .DOC or .DOCX files with strange extensions attached. If the ransomware isn’t time-locked, and you don’t need the files right away, consider leaving them alone (work on another PC, though). It’s possible that your antivirus solution may be able to unlock them later as it develops countermeasures.

Backup isn’t foolproof, though.  For one thing, you may need to research how to back up saved games and other files that don’t fit neatly into “Documents” or “Photos.” Ditto for utilities and other custom apps.

What to do if you’re infected by ransomware

How do you know you have ransomware? Trust us, you’ll know. The imagery associated with most ransomware is designed to invoke stress and fear.

Don’t panic. Your first move should be to contact the authorities, including the police and the FBI’s Internet Crime Complaint Center. Then ascertain the scope of the problem, by going through your directories and determining which of your user files is infected (if you do find your documents now have odd extension names, try changing them back—some ransomware uses “fake” encryption, merely changing the file names without actually encrypting them).

The next step? Identification and removal. If you have a paid antimalware solution, scan your hard drive and try contacting your vendor’s tech support and help forums. Another excellent resource is NoMoreRansom.com’s Crypto-Sheriff, a collection of resources and ransomware uninstallers from Intel, Interpol, and Kaspersky Lab that can help you identify and begin eradicating the ransomware from your system with free removal tools.

If all else fails

Unfortunately, experts say that the key question—should we pay up, or risk losing everything?—is often answered by pulling out one’s wallet. If you can’t remove the ransomware, you’ll be forced to consider how much your data is worth, and how quickly you need it. Datto’s 2016 survey showed that 42 percent of those small businesses hit by ransomware paid up.

Keep in mind that there’s a person on the other end of that piece of malware that’s ruining your life. If there’s a way to message the ransomware authors, experts recommend that you try it. Don’t expect to be able to persuade them to unencrypt your files for free. But as crooked as they are, ransomware writers are businessmen, and you can always try asking for more time or negotiating a lower ransom. If nothing else, Grossman said there’s no harm in asking for a so-called “proof of life”—what guarantee can the criminal offer that you’ll actually get your data back? Keep in mind, of the companies that Datto surveyed, about a quarter didn’t get their data back.

Remember, though, that the point of the prevention, duplication, and backup steps are to give you options. If you have pristine copies of your data saved elsewhere, all you may need to do is reset your PC, reinstall your apps, and restore your data from the backup.

Don’t let this happen to you

Ransomware can infect your PC in any number of ways: a new app, a Flash-based gaming site, an accidental click on a bad ad. In our case, it was a sharp reminder not to go clicking willy-nilly because a “friend” had recommended some bargain shopping site. We’re teaching those same lessons to our kids, too.

Ransomware is an unsettling reminder that people mean you harm, and that misfortune may strike at any time. If you treat your PC as part of your home, however—cleaning, maintaining, and securing it from outside threats—you’ll rest easier knowing you’ve prepared for the worst.

This story, "How to remove ransomware: Use this battle plan to fight back" was originally published by PCWorld. Adapted from posting on networkworld.com | By Mark Hachman | Image: Pixabay mashup