Tuesday, October 25, 2016

What To Do If Your Computer or Device is Infected With Ransomware

Ransomware is an increasingly common form of malicious software that can block access to computers, devices, specific files and sometimes cloud storage. Cybercriminals use ransomware to extort money from their victims. Once a computer or device has been infected with ransomware, cybercriminals demand payment to restore access to their device. Payment is usually requested in the form of anonymous currency, such as Bitcoin, but some victims have been ordered to make cash drops in public locations. If your computer or device has been infected by ransomware, you need to take swift action to minimize the damage.

Disconnect All Devices

The first thing you need to do when you discover a ransomware infection is to prevent it from spreading to other devices sharing the same network. Disconnect the infected computer or device from the Internet, all networks and any connected devices as soon as possible, remembering to turn off Wi-Fi, Bluetooth and any other connections. If possible, turn your device off, as this may interrupt the ransomware attack before it can be fully executed.

Report the Attack

Social media, websites and forums can provide useful information about specific types of ransomware and how to remove it. Several Facebook groups, Twitter hashtags and forums have been set up by members of the public to help stop the spread of malware. Reporting ransomware and other malicious software attacks through social media and forums enables these anti-malware groups to gain more insight into the current techniques used by cybercriminals.

Remove the Infection

Ransomware removal is not always possible, as cybercriminals are continually finding new ways to prevent the detection and removal of malware. However, some types of ransomware can be removed using tools offered online. For example, Trend Micro, a security software company, provides a Ransomware Screen Unlock Tool, which can help users to regain access to locked computers and devices. Other security companies offer similar tools and file decryption software that can be used to regain access to specific files.

Wipe Your Device

If the ransomware removal tools don't work, your best option may be to wipe your device and reinstall your operating system. While this means you will lose any unsaved data, it may be possible to restore files from previous backups that were automatically performed by your operating system or security software. Check the help files or online literature associated with your operating system, security program and backup software to see if you can salvage your data.


Unfortunately, it's not always possible to remove a ransomware infection, particularly when it comes to the more recent versions. However, while you may not be able to salvage your unsaved data, you should be able to wipe your device and start again with a clean system. If you have important data that you don't want to lose, it can be tempting to pay the ransom, but there is no guarantee that the cybercriminals will return access to your device. Therefore, most security experts advise against making payments.


If you would like to learn more about how to protect your systems from Ransomware and other failures. Please contact us at 877.860.5831 x109

Robert Blake
The Backup Guy

Bit by Bit Computer Consulting

Mojave Upgrade - Apple 2