Ransomware – software that encrypts your files or locks your screen until you pay its creators a fee – is no longer the preserve of malicious coders. Virus-writers are now offering their creations for sale on the black market for less tech-savvy criminals to distribute, in return for a slice of the profits.
This new tactic means ransomware is spreading faster than ever, and criminals are becoming more inventive with their tactics.
As with all malware, prevention from ransomware is better than cure: only download software from trusted sources, don't open unexpected email attachments, question any new programs you don't remember downloading, and remember that if something sounds too good to be true, it almost certainly is.
However, it's not always possible to stop stealthy attacks – sometimes all it takes is visiting a website that's been compromised – but there are ways to avoid disaster and remove ransomware that slips through the net.
1. Make backups and a rescue disc
If your PC isn't yet infected, you can put measures in place immediately to protect yourself and your data from ransomware.
You should already be making regular backups of your most valuable files – not only as protection from ransomware and viruses, but also from file corruption, disk damage, and theft or loss of your machine. It might seem like a hassle, but it doesn't have to be.
AOMEI Backupper is a free tool that takes the fuss out of this essential part of PC housekeeping, making it easy to back up your whole system, a drive, a partition, or individual files. You can also clone one drive to another with a few clicks, and make bootable rescue media for emergencies like a ransomware infection.
Also make sure you have the latest updates for all your software, to patch any newly discovered vulnerabilities. Check your Windows settings to ensure you receive automatic updates, and install Secunia Personal Software Inspector to identify software in need of patching. The first time you run Secunia PSI it will prompt you to install Microsoft Update; you can ignore this if you're running Windows 8, 8.1 or 10.
2. Boost your PC's security
An online security tool is essential to stop ransomware infections, but bear in mind that some are more comprehensive than others. Avira Free Antivirus is our weapon of choice, and Avast Free Antivirus also offers particularly good for blocking and removing ransomware.
Security stalwart Malwarebytes is working on a tool specifically designed to stop ransomware, and you can try it for free before it's rolled into the company's premium security suite. It's still in beta, so it's not perfect, but it provides an extra layer of security on top of your existing antivirus.
3. Unlock files and remove ransomware
If you're unfortunate enough to fall victim to a ransomware attack, your immediate instinct might be to pay the fine and get everything back working as soon as you can. Most criminals will indeed remove the ransomware unlock your files once you've opened your wallet, but there's no guarantee.
If your PC is locked by ransomware, try inserting your Windows disc, then rebooting. The machine should boot from the disc rather than your hard drive (if not, press [F8] before Windows loads and use the BIOS menu to change the boot order), and you'll be given the option to repair or reinstall the operating system.
Alternatively, you can use the Advanced Boot Options menu (again via the BIOS) to access Windows System Restore, to remove the ransomware by restoring your PC to a point before it became infected.
Restoring or repairing your system should remove ransomware, but your files may still be encrypted – or even deleted. That isn't a problem if you've been making regular backups though, and AOMEI Backupper will enable you to restore them in minutes.