{"id":7243,"date":"2017-04-05T08:30:10","date_gmt":"2017-04-05T16:30:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/05\/news-1034\/"},"modified":"2017-04-05T08:30:10","modified_gmt":"2017-04-05T16:30:10","slug":"news-1034","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/05\/news-1034\/","title":{"rendered":"How to rescue your PC from ransomware"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2014\/01\/freefromransomware_primary-100224662-medium.jpg\"\/><\/p>\n<p><strong>Credit to Author: Eric Geier| Date: Mon, 03 Apr 2017 17:51:00 -0700<\/strong><\/p>\n<p>With \u00a0nasty malware like <a href=\"http:\/\/www.pcworld.com\/article\/3042580\/security\/locky-ransomware-activity-ticks-up.html\">Locky<\/a>\u00a0making the rounds\u2014encrypting its victims\u2019 files, and then refusing to unlock them unless you pay up\u2014ransomware is a serious headache. But not all ransomware is so difficult.<\/p>\n<p>You can remove many ransomware viruses without losing your files, but with some variants that isn\u2019t the case. In the past I\u2019ve discussed general steps for\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/243818\/how_to_remove_malware_from_your_windows_pc.html\">removing malware and viruses<\/a>, but you need to apply some specific tips and tricks for ransomware.\u00a0The process varies and depends on the type of invader. Some procedures involve a simple virus scan, while others require offline scans and advanced recovery of your files. I categorize ransomware into three varieties: scareware, lock-screen viruses, and the really nasty stuff.<\/p>\n<p>An example of a fake antivirus app.\u00a0<\/p>\n<p>The simplest type of ransomware, aka scareware, consists of bogus antivirus or clean-up tools that claim they\u2019ve detected umpteen issues, and demand that you pay in order to fix them. 
Some specimens of this variety of ransomware may allow you to use your PC but bombard you with alerts and pop-ups, while others might prevent you from running any programs at all. Typically these invaders are the easiest type of ransomware to remove.<\/p>\n<p>The Kovter ransomware locks down your computer, displaying a fake notice claiming to be from several government authorities.\u00a0<\/p>\n<p>Next is the ransomware variety I call lock-screen viruses, which don\u2019t allow you to use your PC in any way. They display a full-size window after Windows starts up\u2014usually with an FBI or Department of Justice logo\u2014saying that you violated the law and that you must pay a fine.<\/p>\n<p>A ransomware program called Locky has quickly become one of the most common types of malware seen in spam.<\/p>\n<p>Encrypting malware\u2014such as Locky\u2014is the worst variant, because it encrypts and locks your personal files until you pay up. But even if you haven\u2019t backed up your files, you may have a chance to recover your data.<\/p>\n<p>Before you can free your hostage PC, you have to eliminate the hostage taker.<\/p>\n<p>If you have the simplest kind of ransomware, such as a fake antivirus program or a bogus clean-up tool, you can usually remove it by following the steps in my previous <a href=\"http:\/\/www.pcworld.com\/article\/243818\/how_to_remove_malware_from_your_windows_pc.html?page=0\">malware removal guide<\/a>. This procedure includes entering Windows\u2019 Safe Mode and running an on-demand virus scanner such as <a href=\"http:\/\/www.pcworld.com\/article\/188005\/malwarebytes_antimalware_free_detects_and_removes_malware_on_command.html\">Malwarebytes<\/a>.<\/p>\n<p>If the ransomware prevents you from entering Windows or running programs, as lock-screen viruses typically do, you can try to use <a href=\"http:\/\/www.pcworld.com\/article\/221114\/how_to_repair_your_windows_pc_with_system_restore.html\">System Restore<\/a> to roll Windows back in time. 
Doing so doesn\u2019t affect your personal files, but it does return system files and programs to the state they were in at a certain time. The System Restore feature must be enabled beforehand; Windows enables it by default.<\/p>\n<p>You can usually bring up the Advanced Boot Options of Windows 7 by pressing F8 during booting.<\/p>\n<p>To start the restoration process using System Restore, follow these steps depending on your OS version:<\/p>\n<p>You can get to the recovery options of Windows 8, 8.1, and 10 by holding shift when rebooting from the Windows login screen.<\/p>\n<p>If you can\u2019t get into the recovery screens, you can use the Windows installation media (disc or USB drive) for your particular version\/edition to access the recovery tools. You\u2019d boot up to that install media, but click\u00a0<em>Repair your computer<\/em>\u00a0on the main menu before proceeding with the installation. Alternatively, you can\u00a0create a Windows System Repair Disc\u00a0on another PC running the same Windows version, and then boot to that disc on the infected PC to reach the same recovery tools. We\u2019ve previously discussed this process for <a href=\"http:\/\/www.pcworld.com\/article\/185500\/Make_Your_New_PC_HassleFree_Part_1_Create_a_SystemRepair_Disc.html\">Windows 7<\/a>, <a href=\"http:\/\/www.pcworld.com\/article\/2041569\/how-to-create-a-bootable-windows-8-recovery-tool.html\">Windows 8<\/a>, and <a href=\"http:\/\/www.pcworld.com\/article\/3016562\/computers\/when-you-cant-create-the-windows-10-recovery-drive-try-these-three-fixes.html\">Windows 10<\/a>.<\/p>\n<p>If System Restore doesn\u2019t help and you still can\u2019t get into Windows to remove the ransomware, try running a virus scanner from a bootable disc or USB drive; some people refer to this approach as an offline virus scan. 
My favorite bootable scanner is from\u00a0<a href=\"http:\/\/www.bitdefender.com\/support\/how-to-create-a-bitdefender-rescue-cd-627.html\">Bitdefender<\/a>, but more are available:\u00a0<a href=\"http:\/\/www.avast.com\/en-us\/faq.php?article=AVKB114\">Avast<\/a>,\u00a0<a href=\"http:\/\/www.avg.com\/us-en\/avg-rescue-cd\">AVG<\/a>,\u00a0<a href=\"http:\/\/www.avira.com\/en\/download\/product\/avira-rescue-system\">Avira<\/a>, <a href=\"http:\/\/support.kaspersky.com\/viruses\/rescuedisk\">Kaspersky<\/a>,\u00a0<a href=\"https:\/\/security.symantec.com\/nbrt\/nbrt.aspx\">Norton<\/a>, and\u00a0<a href=\"http:\/\/www.sophos.com\/en-us\/support\/knowledgebase\/52053.aspx\">Sophos<\/a>\u00a0all offer antivirus boot-disk software.<\/p>\n<p>Bitdefender\u2019s antivirus boot disk in action.<\/p>\n<p>If you still have no luck after trying Safe Mode and an on-demand scanner, performing a System Restore, and running an offline virus scanner, your last resort is likely to perform a\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/2364269\/windows\/how-to-reinstall-windows-like-a-pro.html\">full restore<\/a> or <a href=\"http:\/\/www.pcworld.com\/article\/3042481\/windows\/how-to-clean-install-windows-the-right-way.html\">clean re-install of Windows<\/a>. Most ransomware isn\u2019t that tenacious, however.<\/p>\n<p>Showing hidden files in Windows 7 takes a couple of clicks.<\/p>\n<p>With that out of the way, it\u2019s time to repair the damage. If you\u2019re lucky, your PC was infected by malware that didn\u2019t encrypt your data. If it appears you\u2019re missing stuff though, the malware may have merely hidden your icons, shortcuts, and files. It usually does this by making the files \u201chidden.\u201d Here\u2019s how to check, depending on your OS version:<\/p>\n<p>Showing hidden files in Windows 8 and after is a cinch.<\/p>\n<p>If your data reappears after you elect to show hidden files, that\u2019s great\u2014it means there\u2019s an easy fix for your woes. 
Open\u00a0<em>Computer <\/em>or<em> File Explorer<\/em>, navigate to C:\\Users, and open the folder of your Windows account name. Then right-click each folder that\u2019s hidden, open\u00a0<em>Properties<\/em>, uncheck the\u00a0<em>Hidden<\/em>\u00a0attribute, and click\u00a0<em>OK.\u00a0<\/em>Boom! Done.<\/p>\n<p>If you still can\u2019t find your data, and your files really have been malware-encrypted, you\u2019re in trouble. Usually it isn\u2019t possible to just decrypt or unlock your hostage files, because the decryption key is typically stored on the cybercriminal\u2019s server. Some victimized users have reported that some pieces of malware will keep their promise, decrypting and returning your files once you pay, but I don\u2019t recommend paying.\u00a0<\/p>\n<p>This is why we constantly tell you to\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/2905400\/windows\/3-easy-steps-anyone-can-take-now-to-back-up-a-pc.html\">back up your PC<\/a>\u00a0on a regular basis.<\/p>\n<p>If you previously set up and created backups, scan them for viruses on another PC (one that is\u00a0<em>not<\/em>\u00a0infected) if at all possible. If all of your important files are backed up, you can proceed with removing the malware and then simply restoring your backed-up files.<\/p>\n<p>If you don\u2019t have a backup system in place, you might be able to recover\u00a0<em>some<\/em>\u00a0files from Shadow Volume Copies\u2014if the malware hasn\u2019t deleted them. Shadow Volume Copies is part of Windows\u2019 System Restore feature. Either right-click\u00a0on the\u00a0files or folders you want to restore\u00a0and open\u00a0<em>Properties<\/em>\u00a0to view the Previous Versions list, or use a program called\u00a0<a href=\"http:\/\/www.shadowexplorer.com\/downloads.html\">Shadow Explorer<\/a>\u00a0to browse the snapshots.<\/p>\n<p>But don\u2019t rely on that. 
Start backing up your PC today, and do it regularly.<\/p>\n<p>Avoiding ransomware is much the same as avoiding other types of malware.<\/p>\n<p>Always run a\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/3166557\/software-security\/the-best-consumer-antivirus-products-of-2016-are-avira-and-norton-test-labs-say.html\">good antivirus utility<\/a>\u00a0and keep Windows and browser-related components (Java, Adobe, and the like)\u00a0updated.\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/2046454\/how-to-clean-and-secure-your-browser-like-a-pro.html\">Keep your browser clean<\/a>\u00a0of junk toolbars and add-ons to prevent adware invasions that could lead to malware infections. Always,\u00a0<em>always<\/em>\u00a0be wary of unexpected email attachments and spam.<\/p>\n<p>And just to beat this dead horse one more time: Always have a good backup system in place, just in case your PC does become infected and you can\u2019t recover your files. Yes, it\u2019s that important.<\/p>\n<p><em>Editor&#8217;s note: This article was originally published January 13, 2014, and updated April 3, 2017.<\/em><\/p>\n<p class=\"orig\">This story, &#8220;How to rescue your PC from ransomware&#8221; was originally published by <span itemprop=\"publisher\" itemscope itemtype=\"http:\/\/schema.org\/Organization\"><span class=\"publisher\" itemprop=\"name\"><a href=\"http:\/\/www.pcworld.com\/\" rel=\"nofollow\" target=\"new\">PCWorld<\/a><\/span><\/span>.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3187889\/security\/how-to-rescue-your-pc-from-ransomware.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2014\/01\/freefromransomware_primary-100224662-medium.jpg\"\/><\/p>\n<p><strong>Credit to Author: Eric Geier| Date: Mon, 03 Apr 2017 17:51:00 
-0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>With \u00a0nasty malware like <a href=\"http:\/\/www.pcworld.com\/article\/3042580\/security\/locky-ransomware-activity-ticks-up.html\">Locky<\/a>\u00a0making the rounds\u2014encrypting its victims\u2019 files, and then refusing to unlock them unless you pay up\u2014ransomware is a serious headache. But not all ransomware is so difficult.<\/p>\n<p>You can remove many ransomware viruses without losing your files, but with some variants that isn\u2019t the case. In the past I\u2019ve discussed general steps for\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/243818\/how_to_remove_malware_from_your_windows_pc.html\">removing malware and viruses<\/a>, but you need to apply some specific tips and tricks for ransomware.\u00a0The process varies and depends on the type of invader. Some procedures involve a simple virus scan, while others require offline scans and advanced recovery of your files. I categorize ransomware into three varieties: scareware, lock-screen viruses, and the really nasty stuff.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3187889\/security\/how-to-rescue-your-pc-from-ransomware.html#jump\">To read this article in full or to leave a comment, please click 
here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11072,11073,714],"class_list":["post-7243","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cybercrime-hacking","tag-malware-vulnerabilities","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7243"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7243\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}