How to remove ransomware: Use this battle plan to fight back

Mark Hachman

For dedicated antimalware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting ransomware. RansomFree has also developed what it calls anti-ransomware protection. Typically, however, antimalware programs reserve anti-ransomware for their paid commercial suites. You can download free anti-ransomware protection like Bitdefender’s Anti-Ransomware Tool, but you’re protected from only four common variants of ransomware.


A good, but not perfect, defense: Backup

Ransomware encrypts and locks up the files that are most precious to you—so there’s no reason to leave them vulnerable. Backing them up is a good strategy.

Take advantage of the free storage provided by Box, OneDrive, Google Drive, and others, and back up your data frequently. (But beware—your cloud service may back up infected files if you don’t act quickly enough.) Better yet, invest in an external hard drive—a Seagate 1TB external hard drive  is only $55 or so—to add some less-frequently accessed “cold storage.” Perform an incremental backup every so often, then detach the drive to isolate that copy of your data. ( has some additional backup advice to help defeat ransomware, as does our earlier story.)

sync google drive offline
You’ll feel a lot better if you have your data backed up online and off.

If you are infected, ransomware may allow you to see exactly which files it’s holding hostage via File Explorer. One clue may be ordinary .DOC or .DOCX files with strange extensions attached. Ondrej Vlcek, the chief technical officer of Avast, offered an unintuitive piece of advice: If the ransomware isn’t time-locked, and you don’t need the files right away, consider leaving them alone. (Work on another PC, though.) It’s possible that your antivirus solution may be able to unlock them later as it develops countermeasures.

Backup isn’t foolproof, however.  For one thing, you may need to research how to back up saved games and other files that don’t fit neatly into “Documents” or “Photos.” Ditto for utilities and other custom apps.


What to do if you’re infected by ransomware

How do you know you have ransomware? Trust us, you’ll know. Ransomware like the busted Citadel ring “warned” that your PC was associated with child pornography, and the imagery associated with most ransomware is designed to invoke stress and fear.

Don’t panic. Your first move should be to contact the authorities, including the police and the FBI’s Internet Crime Complaint Center. Then ascertain the scope of the problem, by going through your directories and determining which of your user files is infected. (If you do find your documents now have odd extension names, try changing them back—some ransomware uses “fake” encryption, merely changing the file names without actually encrypting them.)

Previous Page  1  2  3  4  Next Page