What to do when ransomware infected your PC

Ransomware is a type of malware, or malicious software, that blocks a computer or encrypts files. Only when you pay a ransom (ransom) would you be able to use the computer or files again. Other terms for ransomware are cryptoware or hostage software.

Ransomware is very annoying and, in most cases, also dangerous for corporate privacy. For example, you can unknowingly lose your entire photo archive or music collection, including connected backups. Older variants of ransomware only block the Internet browser or the start-up of the computer. Criminals are increasingly targeting companies and institutions because there is more money to be made there. However, as a home user, you should still be careful.

What does ransomware do on a computer? First, holds files hostage by encrypting them. This means that you can no longer open files.
It demands payment in the digital currency Bitcoin. This translates into hundreds or even thousands of euros. After a time limit, the amount is sometimes increased.
Infection occurs via malicious files (usually in email attachments) or via a leak on the PC caused by non-updated software. In the latter case, the ransomware can get onto the PC without you even having to click on anything.
Suspicious files in emails include: zip, exe, js, lnk and wsf files. In addition, word files that ask you to enable macros are also dangerous.
Watch out for fake Microsoft employees calling you. Your PC supposedly has a problem, and so they want to log in remotely, after which they block your PC or files with ransomware.
Paying a ransom is not recommended but can be a last resort.
The encryption usually cannot be undone without the key. If you are lucky, there is a solution, though.
Ransomware can also infect files on connected external hard drives or network storage with a drive letter in Windows Explorer (such as E:, F:, G:). Therefore, keep a backup separate from the PC.

Unfortunately, files are often not recoverable in the event of a ransomware infection if you do not have a backup. Go through the following steps if your files are encrypted:

First, remove the malware so that files are not re-encrypted. Then, do an extensive scan with your virus scanner and a second opinion with trusted software like Malwarebytes or HitmanPro.
Place a backup of the files back. Of course, the prerequisite is that there is a (recent) backup and that the cryptoware has not encrypted it.
If you are lucky, the creators of the cryptoware have been caught, or police or security researchers have managed to obtain encryption/decryption data. For an overview of ransomware decryptors, which allow you to save your files without the help of criminals, check out nomoreransom.org, an initiative of Europol and others. For newer ransomware, there is often no solution.

The risk of data loss with ransomware is high, so it is crucial to prevent infection and back up regularly if it does happen. Follow the tips below to reduce the risk of viruses and cryptoware.

Install a good virus scanner. Keep all software up-to-date, including operating system, internet browser, browser add-ons, and popular programs, such as Adobe Reader. With ScanCircle, you can quickly see how your PC is doing. For software such as Adobe Flash and Java, deactivation is recommended.
Please do not click on attachments and links in emails unless you are sure that it is trusted.
Do not enable macros in third-party Office documents, especially if the document asks you to.
Ransomware is often an executable .exe file disguised as another file type, such as a PDF document. Disable file extensions so you can see through the disguise.
And again: make backups. Backups are the only resort to prevent all your data loss.