What to Do If You’ve Been Infected with Ransomware

Imagine this scenario: You’re typing away on your device when you suddenly get a message - “Your computer is locked. Your personal files are encrypted. You have five days to pay to retrieve your files or we’ll raise the ransom.”


And then you see a countdown timer telling you how many hours you have left before they permanently delete all your files.


What a nightmare! Unfortunately, these things do happen. This form of malware is called ransomware. It’s like kidnapping, but for your digital files and personal information.


In 2019 alone, 205,280 organizations were hacked in ransomware attacks, according to a report in The New York Times. This was a 41% increase from the previous year, according to the same report. What’s even more troubling is that the average ransom amount spiked to $84,116 from just $40,000 the previous quarter!  


Though ransomware criminals usually target companies because of the sensitive nature of their files, they also attack random civilians too. According to the 2019 Cyberthreat Defense Report by CyberEdge, personal mobile devices have been the target of these attacks because hackers think they’re more vulnerable.


Scammers usually do this by tricking people into installing malware or malicious software. These hackers are becoming more and more sophisticated too. You may think you’re downloading an app or software from a legitimate company but in fact, it’s malware that can encrypt your files, then hold them ransom.


This only proves that having an anti-malware program is necessary to avoid this situation. But if you’re way past that point and you are literally facing a screen demanding you to pay money then there’s still no need to panic just yet.


Did you know that you don’t have to pay the ransomer’s demands? The good news is that you can safely get rid of ransomware from your computer. Just follow these five simple steps that will tell you how to remove ransomware:


Step 1: Record evidence of the attack


The first thing you have to do is quickly record evidence of the ransomware attack. If you can’t take a screenshot, take a picture using another device such as your phone. It’s good to have a copy of this in case you want to file a police report. But make sure you act quickly.


Step 2: Immediately disconnect your device


The next step is to disconnect your device straight away to stop the ransomware from spreading to other devices in your network. If a lot of accounts on your infected laptop are connected to your phone too, then it may be in trouble. The only way to save these is to disconnect from the internet, then turn off any potentially infected device.


Step 3: Figure out what type of ransomware has infiltrated your device


Using another device (or maybe borrowing a friend’s computer), try to find out what type of ransomware was used. You can also restart your computer, then do your investigation using the safe mode.


It’s like diagnosing a disease. If you know what specific infection you contracted, the easier it is to find the right cure.


Since hackers come up with different types of ransomware, it’s an ever-evolving search. Luckily, forums like this one from Reddit offer a space where people can share their experiences about the latest ransomware infections.


Read through the comments and find one that matches the description of what happened to you. In some of the threads, they also tell you how to remove the ransomware virus manually. Remember, take these suggestions with a grain of salt as the people commenting are not cybersecurity experts!


Also, remember that you visited the forum to simply diagnose the problem and you should focus on that. Some terms you may encounter include:  

  • Scareware. Are you getting threats demanding you pay the ransom ASAP? Are they using very threatening (but very poorly worded) language? This may be scareware, a mild type of ransomware that can easily be removed by an anti-malware software.
  • Doxxing ransomware. This happens when hackers not only hold your files ransom, but also threaten to blackmail you by using them. Hackers use doxxing ransomware to intensify the pressure on their victims to pay up.
  • Screen-locking ransomware. When you can’t do anything to your device at all because your screen has been locked, you may have screen-locking ransomware.
  • Encrypting ransomware (aka filecoders). This type is the most dangerous of all because it encrypts your files or your entire hard drive.

Step 4: Remove the piece of ransomware

  • Use a ransomware removal tool. Ransomware can be removed with strong cybersecurity software. It should have a feature that would enable a cybersecurity expert to help you get rid of ransomware and guide you every step of the way.
  • One thing you must know is that in some cases, it’s impossible to get the files back after deleting the ransomware. Sadly, you just have to deal with the loss.
  • Another way to take control of your device is to manually restore the system. There is a system restore feature in almost every device and usually only takes a few clicks to do.

Step 5: Recover your hidden or encrypted files

  • Check for hidden files. The easy fix is to check if the ransomware is hiding in plain sight. Some of it may be hiding in your system folders as invisible files. There are different ways to show these files in Windows and in Mac.
  • If the backup files didn’t get encrypted as well, then you can easily restore your system from a backup. This restore setting is just sitting on your device’s advanced settings. Make sure to check the last backup date. Unfortunately, the files you created after this date won’t be recovered.
  • Did you know that there’s a way to retrieve your encrypted files using an online decryptor? You can use a tool like No More Ransom which asks you to upload the encrypted files so they can be returned to you decrypted.
  • Most cybersecurity experts don’t advise paying the ransom, but at the end of the day, your files are still at stake. It’s still your decision, whether you want to try to remove the infection on your own at the risk of getting all your files deleted. Some people who have experienced ransomware have to haggle with the hackers about the price. According to those who have been through this experience, ransomware criminals often give the decryption fee because if word gets out that they’re not giving back the files, then it doesn’t make sense that people would pay the ransom! (Why would you pay the ransom if you know the hostage won’t be returned, right?)

Stop ransomware from affecting your computer in the first place

At the end of the day, prevention is always better than the cure. You can’t be a target of ransomware if you use a reliable cybersecurity software solution. Clario offers all-round protection whenever you go online.


So forget ransomware criminals and live a more secure digital life with Clario.

Read more:

Fix & Relax

We’d like to stay in touch.

We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. ReCaptcha verification failed

More Related Articles

Click here to start installing

Run Application

Double-Click on MacKeeper.pkg

Click Continue