Ransomware is a malicious program that infects a computer and then locks or encrypts some parts, preventing users from accessing their computer or data. Commonly, after the ransomware is loaded on the user's computer, a message is displayed demanding payment to unlock it. Ransomware varies in its degree of difficulty to remove and how many areas are locked, ranging from a few files to the entire hard drive.
How to protect your computer from ransomware
There are several main ways to protect your computer from being infected with ransomware.
- At least monthly, check for and install any updates and patches for your computer's operating system and software.
- Install an antivirus and anti-malware program, and keep the program updated.
- Do not click a website link, download a file, or open an attachment in an e-mail if you do not recognize the sender of the e-mail. The link, file, or attachment may contain ransomware.
- If a program tries to install on your computer, and you don't recognize the program or did not initiate the install yourself, cancel or block the installation.
- Do not connect a USB flash drive to your computer if you do not know where the drive came from. If you receive a USB flash drive at a trade show or a non-reputable vendor, it could contain ransomware.
At least once a month, if not more often, create a backup of any important files. While backing up your files doesn't prevent ransomware, it does allow you to restore your files if your computer is infected with ransomware and files are encrypted. Assuming the backup is also not corrupted.
How to remove ransomware from your computer
Depending on the level of infection on your computer and you have an antivirus or anti-malware program installed, you can remove the ransomware. If you still have some access to your computer, follow the steps below.
If the ransomware encrypts files on your computer, those files can remain encrypted even after removing the ransomware.
- Reboot your computer to Safe Mode.
- Open the antivirus or anti-malware program installed on your computer.
- Run a virus and malware scan to find and remove the ransomware.
If you do not have any access to your computer or cannot boot the computer to Safe Mode, you can try the following.
- Remove the hard drive from the computer and externally connect it to another computer using a hard drive enclosure. Run a virus and malware scan on that hard drive to try and remove the ransomware.
- Take your computer or the hard drive if it's easily removable to a computer repair shop. They can connect a hard drive to another computer for virus and malware removal.
If the ransomware cannot be removed, or too many files are encrypted for the computer to be usable, restore the computer to factory settings. Restoring the computer erases all data and gets it back to working condition.