Using the Internet safely may seem like a simple thing, but many have discovered that this is not always the case. Almost everyone knows about the dangers of malware, spyware, and viruses, but there is one Internet threat on the rise that can be extremely difficult for technical services to deal with: “ransomware.”
RESCUECOM is the leading computer repair company in North America and the U.K., and as such we provide this article for people who need to recover from a ransomware attack.
While RESCUECOM does not endorse criminal behavior, there is sparse information that explains how to remediate ransomware once your computer is already infected and encrypted. No matter how distasteful it will be to pay the criminals that did this to your system, if you have data that is irreplaceable, your only option is to pay the ransom, because if you do not, your computer and everything on it becomes completely inaccessible to you.
Here are the steps, in the order in which they occur, of a ransomware attack:
- Ransomware virus (cryptolocker) infects computer.
- You do nothing to remove ransomware virus or have free / improper antivirus on computer that cannot remove or prevent virus from affecting all files.
- Ransomware begins to encrypt all data files on your computer. The affected computer is typically very sluggish and slow, and you may even see a blue screen several times while files are being compromised (encrypted). Once begun, this process can take anywhere from mere seconds to a week depending on the quantity of files and size of hard disk.
- Ransomware flips the encryption switch, encrypting all data files on the computer.
- All data files become unusable.
- Ransom demand is made: “user must make payment in order to unlock files.” Often there is a time limit.
- You must figure out how much is being demanded and how to pay.
- You pay the ransom knowing no guarantee or remedy is available if you do not get your data files decrypted.
- If you do not acquiesce to ransom demands, your data files remain locked and unusable.
- You must download TOR or a similar browser to communicate with the criminals' system.
- Send payment; the preferred method of criminals is Bitcoin. If time is of the essence, you can purchase bitcoins locally from a site such as localbitcoins.com. Other means include wire transfer, premium-rate text message, or pre-paid online voucher, but these are much less likely to be accepted.
- The attacker supplies a program that can decrypt the files or sends an unlock code that removes the virus (being a criminal, the attacker will sometimes “take the money and run,” as it were, and files may never be unlocked, for which there is no recourse or solution. At times, a second ransom demand may be made).
- It is wise at this point for the user to pay for full Internet Security and virus protection to prevent future attacks.
- One thing you need to know when this happens is how to go about opening the decoder once a ransom is paid.
Ransomware locks your computer and forces you to pay the attacker to receive a special decrypter known as a decoder to remove the virus. Once the ransom is paid, there is nothing you can do until you know how to open a decoder. Here are some important details pertaining to the information above:
You will need to purchase bitcoin as outlined in a file on your infected computer.
RESCUECOM recommends the following steps to recover and decrypt your data as safely as possible:
*** You must perform all actions after step 5 below from the computer that is infected. ***
1. Create a single-use bank account with a bank.
2. Put the amount of money being used to purchase the bitcoins, plus any fees, in the bank account.
3. Purchase bitcoins from reputable exchanges only; we recommend Coinbase. If time is of the essence, we suggest that you buy them locally from a site such as localbitcoins.com.
4. It takes about a week to confirm the bank account and receive the bitcoins.
5. Once you have the bitcoins, look for the instruction file on your machine, which is named something like “_HELP_instructions.txt” or “help recover files.txt.”
6. You must then follow the instructions to send the bitcoins.
7. You may need to use a TOR browser, as links sent by attackers rarely work in standard browsers, even if you know how to open a decoder once a ransom is paid. This is a modified version of the Firefox browser that allows you to access websites anonymously, as you would with Google Chrome or Internet Explorer, and to access websites unseen by search engines. The only way to open a decoder once your ransom is paid is to download a TOR browser from a reputable site such as CNET.
8. Once you give the attackers the payment, it may take up to 60 minutes to receive the decoder file for download; you can then use what you have learned from this article about how to open the Locky decoder once the ransom is paid.
9. You will need to keep refreshing the TOR browser until the file is available.
10. Once the decoder file is available, you will need to download and execute it on the infected computer.
Unfortunately, many people find themselves forced to answer the question “once my ransom is paid, how can I open the decoder?” Ransomware is a form of malware that installs secretly “behind the scenes” on a computer or mobile device, executes an attack that renders the data unusable, and demands a ransom payment to restore it. Proper security software will prevent a ransomware attack, but if it does occur, the only way to get your data back is to pay. This is when you need to know how to proceed with opening a decoder once your ransom is paid.
You should know that, even if you follow all of the above steps to the letter, there is no recourse if the decoder does not work. You could pay and then get some or no files and have to pay again, and there are no guarantees with criminals, so you must be aware of this possibility. There is also no help file or instructions, which is why we are telling you how to open a decoder when you have paid the ransom and receive the decoder.
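Because a decoder can restore some files and not others, it helps to check the result before relying on it or overwriting any backups. The following Python code is an added example, not RESCUECOM's code or part of any decoder; the function names, the signature table, the 7.5 bits-per-byte threshold and the constructed sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes ("magic numbers") expected for some common file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".jpeg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=65536, threshold=7.5):
    """'ok' = signature matches; 'suspect' = looks undecrypted; 'unchecked' = cannot tell."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        return "ok" if head.startswith(MAGIC[ext]) else "suspect"
    # No known signature: near-random content in a large enough sample is suspicious.
    if len(head) >= 4096 and entropy(head) > threshold:
        return "suspect"
    return "unchecked"

def scan(root):
    """Walk root and group relative file paths by classification."""
    report = {"ok": [], "suspect": [], "unchecked": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(folder, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return report

def demo():
    """Run scan() over constructed sample files (not real victim data)."""
    # 8 KiB of random-looking bytes standing in for a file that is still encrypted.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    samples = {"invoice.pdf": b"%PDF-1.4\n" + b"0" * 100,  # decrypted correctly
               "photo.jpg": noise,                           # decoder skipped this file
               "ledger.dat": noise,                          # unknown type, still random
               "notes.txt": b"meeting at ten\n" * 50}        # plain text, no signature
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)
```

Compressed or media formats missing from the signature table are naturally high in entropy, so treat a "suspect" result as a prompt to open the file by hand, not as proof that it is still encrypted.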
These are all the things you need to know to recover from the locking of your files and the subsequent ransom demands. You may then be free from the ransomware, though you must prepare for the possibility that certain ransomware viruses will not unlock your files as you had hoped!
Once you get your files back, perform multiple backups and a virus scan on the new files. RESCUECOM recommends restoring the computer to factory settings or purchasing a new computer to reduce the risk of another attack.
This is why paid Internet security software can be so vital to have at all times, and is even more effective when you ensure that it is always up to date and constantly backed up. Remember that RESCUECOM does not endorse this behavior, but prior to this article, there were no good instructions on how to perform this process, which you must go through if you are infected with ransomware and must open a decoder once your ransom is paid.