How to avoid ransomware—or remove it
Criminals eager for fast cash have long used ransomware, malicious software that locks your device until you pay up, to extort money from victims. It’s now cheaper than ever for hackers to execute these attacks, security experts say. And, not surprisingly, ransomware attacks are getting worse.
Most successful ransomware attacks today infiltrate Windows, Mac, and Linux computers whose software is not kept up-to-date. The ransomware is programmed to find important files and encrypt them, cutting off a victim from his or her most prized information until the ransom is paid.
“They’re attacking old, vulnerable software and old Web server technology,” says Tony Robinson, a computer security expert who recently wrote a comprehensive history and analysis of ransomware. “Once they’re there, they find the keys to the kingdom, and they go after what they want.”
Ransomware is also starting to show up on phones and other mobile devices.
“Most of the ways people are going to land [ransomware] attacks on mobile devices are through tricking them into opening an app from a nonlegitimate or jailbroken app store,” says Mike Hanley, director of Duo Labs at Duo Security. “Not that Apple’s native app store is infallible, either.”
Despite the growing threat to consumers and businesses alike, you can dodge ransomware attacks with what experts often call “good security hygiene.” And short of paying the ransom, you can also take steps to regain control of your infected phone or laptop.
What to do if you’re infected with ransomware
Ransomware purveyors are notable for using fear tactics such as fake FBI warnings that you have downloaded illegal pornography, or intimidating graphics such as ones from the Saw line of horror films, to manipulate victims into paying to unlock their devices. They also pressure their victims by threatening to raise the fee if they don’t pay within a certain time window, often 48 or 72 hours.
“Even if you pay, you don’t know if they will decrypt your device,” says Nikolaos Chrysaidos, a mobile-malware researcher at Avast, which sponsors this site. “Only 50 percent will decrypt” your computer or phone, he says.
Here are some ways to remove ransomware, if your computer does get infected. Try these in order, as the side effects get worse with each one.
Step 1: Don’t panic. Search the Web for information about the ransomware you’re facing. It can be helpful to describe the warning that you’re seeing, as sometimes that’s an indicator of the kind of ransomware. Ransomware often is unsophisticated malware, and other victims may have already found a way around it. In the case of the recent Petya ransomware, the good guys found vulnerabilities in the malware and were able to create an encryption key generator so that Petya victims could rescue their computers for free.
Step 2: Clean your computer completely before attempting to restore any data. If you don’t, you’ll have to repeat the process. The cleaning process varies, depending on your computer or phone. Microsoft recommends using Windows Defender Offline. Apple does not have an official recommendation for removing Mac or iPhone ransomware, as ransomware that attacks Apple products is more rare. But it still exists. If you find your Mac or iOS device infected with ransomware, you’ll have to search for how to remove it on a case-by-case basis.
For Android, boot into Safe Mode, a process that varies across devices and versions of Android. Safe Mode disables all non-system apps. From there, find the ransomware app, remove its Device Administrator privileges, and uninstall it.
Step 3: Pay the ransom, and hope that you get your data back.
Step 4: Wipe your device, and reinstall its operating system. This process deletes all your apps and programs, files, and settings. However, it does give you a device free of ransomware.
How to avoid ransomware infections in the first place
What exactly is “good security hygiene,” as the experts like to call it? It’s a series of common-sense steps you can take to avoid becoming a ransomware statistic.
Tip 1: Back up your data. The surest way to be able to resurrect your computer or phone after a catastrophic event like a ransomware infection is to wipe it and restore from a backup your files, photos, movies—anything on the device that’s important to you.
Tip 2: No matter how tempting they might be, don’t click on emailed links or download attachments until you are absolutely certain the links or attachments are legitimate. If you’re not sure, check by contacting the sources, whether they’re colleagues, family members, or banks.
Tip 3: Avoid unofficial app marketplaces. Third-party app stores for Android and iPhone have gotten their users into hot water with ransomware, so avoid them, if you can. And when using “official” app marketplaces, it’s a good idea to run a search on app vendors, if you’re unsure of who they claim to be. Some ransomware has snuck into legitimate app stores.
Tip 4: Make sure that everything is up-to-date. Use only the latest versions of apps and software, browser add-ons, and plug-ins, and ensure that your device’s operating system has the latest security patches.
Tip 5: Use security software designed to constantly guard against unintentional downloads, as well as those that look legitimate but behave maliciously.