These Ransomware FAQs Can Save You A Lot Of Money

Since ransomware is becoming an increasingly-growing menace, we have decided to create frequently asked questions that will help you understand better ransomware viruses and better know how to protect yourself from such. Not only you will learn more information about ransom viruses, but you will also learn what options you have to counter-react once your computer has been infected with ransomware. Let’s begin.

Q1: What Is Ransomware?

A: Ransomware is an ever-growing malware threat which may infect your computer after which encrypt your files with an encryption algorithm – a cipher that replaces the original structure of the files with it’s custom symbols to render them no longer openable. Most ransomware viruses leave a ransom note that ask users to pay a hefty fee to get their files back, usually by using BitCoin, the biggest online cryptocurrency. An example of a ransom note is the picture below, set as a wallpaper by Cerber ransomware:

Q2: How much money do I have to pay once I am infected?

A: There are many different ransomware viruses out there, and once they have infected your computer it is completely dependent on the cyber-criminals what will be the payoff amount. While some hackers just joke and restore the files for free, other want small payments in the amounts of 5 to 50 US dollars. The most notorious viruses usually demand sum approximate to 500 US dollars, but there are even greedier ransomware viruses, that demand thousands of dollars in BitCoin. Such greedy crypto-viruses usually attack institutions like hospitals and are not very widespread. The most likely change if you get hit is that you will be requested sum off approximately 100 to 500 US dollars.

Q3: How to Get Rid of a Ransomware Virus

A: Ransomware type of malware is just like any other cyber-threat out there – it enters your computer usually via fake e-mail attachment and infects you via an updated and very expensive exploit kit. Then the virus downloads malicious files in typical Windows folders like other malware does, depending on where it is pre-programmed to drop the payload:

The files may have different names, but they usually resemble legitimate processes of Windows. In addition to dropping files, ransomware viruses also manage to create various objects in the Windows registry entries for different purposes:

• To make the ransom notes run on startup.
• To change the wallpaper.
• To set the file (module) responsible for encrypting data to run on Windows boot.

There are different removal methods for different ransomware viruses, but so far ransomware has been spotted to massively infect primarily on two operating systems amongst all (because there are ransom viruses for other OS’s as well):

• Android.
• Windows.

We have prepared the following tutorials below to help you learn how to remove ransomware from both your PC and your Android device:

Instructions for computers:

Manually delete ransomware from your computer

1. Boot Your PC In Safe Mode to isolate and remove ransomware files and objects

Boot Your PC Into Safe Mode

1. For Windows 7,XP and Vista. 2. For Windows 8, 8.1 and 10.

For Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.

– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.

3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.

4. Log on to your computer using your administrator account

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

Step 1: Open the Start Menu

Step 2: Whilst holding down Shift button, click on Power and then click on Restart.
Step 3: After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.

Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.

Step 5: After the Advanced Options menu appears, click on Startup Settings.

Step 6: Click on Restart.

Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.

2. Find malicious files created by ransomware on your PC

Find malicious files created by ransomware

1. For Windows 8, 8.1 and 10. 2. For Windows 7,XP and Vista.

For Newer Windows Operating Systems

Step 1:

On your keyboard press  + R and write explorer.exe in the Run text box and then click on the Ok button.

Step 2:

Click on your PC from the quick access bar. This is usually an icon with a monitor and its name is either “My Computer”, “My PC” or “This PC” or whatever you have named it.

Step 3:

Navigate to the search box in the top-right of your PC’s screen and type “fileextension:” and after which type the file extension. If you are looking for malicious executables, an example may be “fileextension:exe”. After doing that, leave a space and type the file name you believe the malware has created. Here is how it may appear if your file has been found:

N.B. We recommend to wait for the green loading bar in the navination box to fill up in case the PC is looking for the file and hasn’t found it yet.

For Older Windows Operating Systems

In older Windows OS’s the conventional approach should be the effective one:

Step 1:

Click on the Start Menu icon (usually on your bottom-left) and then choose the Search preference.

Step 2:

After the search window appears, choose More Advanced Options from the search assistant box. Another way is by clicking on All Files and Folders.

Step 3:

After that type the name of the file you are looking for and click on the Search button. This might take some time after which results will appear. If you have found the malicious file, you may copy or open its location by right-clicking on it.

Now you should be able to discover any file on Windows as long as it is on your hard drive and is not concealed via special software.

3. Fix registry entries created by ransomware on your PC

Fix registry entries created by ransomware on your PC.

Some malicious scripts may modify the registry entries of your computer to change different settings. This is why manual clean up of your Windows Registry Database is strongly recommended. Since the tutorial on how to do this is a bit lenghty, we recommend following our instructive article about fixing registry entries.

Automatically remove ransomware by downloading an advanced anti-malware program

1. Remove ransomware with SpyHunter Anti-Malware Tool

Remove ransomware with SpyHunter Anti-Malware Tool

1. Install SpyHunter to scan for and remove ransomware.2. Scan with SpyHunter to Detect and Remove ransomware.

Step 1:Click on the “Download” button to proceed to SpyHunter’s download page.

Download

Malware Removal Tool

It is highly recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.

Step 2: Guide yourself by the download instructions provided for each browser.
Step 3: After you have installed SpyHunter, wait for it to automatically update.

Step1: After the update process has finished, click on the ‘Scan Computer Now’ button.

Step2: After SpyHunter has finished scanning your PC for any ransomware files, click on the ‘Fix Threats’ button to remove them automatically and permanently.

Step3: Once the intrusions on your PC have been removed, it is highly recommended to restart it.

Android Instructions:

Q4: Can I recover the encrypted files without having to pay the ransom.

It is a very variable question whether you can restore all of your files, but usually, the answer is no. However, malware researchers have created decryptors for those ransomware viruses which have been encrypted until this point. This is why we have made instructions for all of the decryptors that are currently associated with ransomware viruses. So far, there are three parts of those, but expect more to be released on our blog very soon. Here are the decryption instructions:

Decrypt Files Encrypted by Ransomware Viruses PART 1
Decrypt Files Encrypted by Ransomware Viruses PART 2
Decrypt Files Encrypted by Ransomware Viruses PART 3

However, there are many dangerous and devastating ransomware viruses out there, such as Locky, Cerber3, Cerber “4.0” and of course the notorious CryptoWall that have caused massive damage and still cannot be decrypted. Those and other viruses contain very well-structured and generously coded payloads, which make it very difficult for researchers to discover a decryption solution while reverse engineering them.

There is no reason to get desperate, however, especially if you have backup enabled. Below, are several alternative methods that can help you recover your files in some specific circumstances. We suggest them out if you are interesting in attempting other solutions for data restoration. But, bear in mind that you should try these methods at your risk, this is why we advise you to back up the encrypted files before attempting those methods. Here are the alternative techniques for Windows systems:

Q5: How to Pay the Ransom?

A: It is strongly advisable NOT to pay the ransom, even if it is little, because of several obvious reasons:

Paying the ransom may not get your files back.
The cyber-criminals may have broken the ransomware, and even if they restore the files, you may not get all of them back because encryption has to be tested before tried out live.
You support the cyber-criminals to purchase even more ransomware features and develop their virus and spread it further to cause more damage.
The malware may also steal your files which could then be sold by crooks to the one who pays most for them.
Ransomware viruses are no funny business, and instead of brining your files back they may infect your computer with other malware as well as more ransomware viruses.

But if you want to pay the ransom despite our warnings, it can be achieved via creating a BitCoin wallet and trading BTC for real cash. There are many trading platforms for BTC online, and there you can transfer funds in multiple ways It is not yet an advanced method to transfer money for BitCoin directly by providing your credit card details or via PayPal. However, you could use private sellers that can sell you BTC at their rate for other cryptocurrencies or Amazon Gift Cards even though it may be risky because there are a lot of scammers out there.

Q6: What Type of Files are Encrypted

A: Usually ransomware viruses encipher files that are commonly used, like videos, documents, audio files, web files, files related to programs that are often used, images, etc. Regarding file extensions, this is a lot, so ransomware usually focuses on the most widely used ones, for example:

Q7: How to Protect Myself

There are several general principles that need to be followed to combine them into a system which will significantly increase ransomware protection.

Principle 1:

Safely store your files. To learn more about how to store your data and protect it from ransomware even if it infects your computer, please read the following article:

Safely Store Your Important Files and Protect Them from Malware

Principle 2:

Change your browsing and e-mailing habits. Be on the lookout for suspicious e-mail attachments and web links especially hiding behind fake LinkedIn or other buttons. Bear in mind that before downloading anything, now it is possible to inspect it with security browser extensions, like VirusTotal extension, for example, which is completely free and should detect a virus on the spot. Also make sure that you educate all of the users on your network, because some worms that infect networks may download ransomware onto multiple computers on the network and activate it simultaneously.

Principle 3:

Get an advanced anti-malware program which is not commercial and is professional. Most anti-malware programs are advanced and do the job, but exploit kits and malware obfuscators are pre-programmed to skip the real-time protection of exactly well-known antivirus software. This is why one simple solution is to find an advanced anti-malware software that is not so famous.

It is highly recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.

Principle 4:

Get a ransomware protection program. Usually most anti-malware and antivirus tools now have anti-ransomware features, but a separate program taking care of exactly this is a very good solution against most ransomware threats nowadays. If used in combination with anti-malware program, this will significantly improve the defense of a PC.

Q8: Can having a MacBook or iPhone Protect Me?

A: Unfortunately no. Although Mac OS is much more secure primarily because less malware is written for it, the case with ransomware is in the opposite direction. More and more ransomware viruses will be written for Apple devices, according to experts. The future of Mac OS ransomware will be primarily connected with files on iCloud and Mac users should beware. Not only this but there are lockers for iPhones at this moment which are very difficult to remove suggesting that the road for iPhone ransomware will soon be walked on.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website