
Prevention
The best way to prevent an infection is to not rely on just one solution, but to use multiple, layered solutions for the best possible protection.
1. Security Awareness Training
It’s easier to prevent malware infections if you know what to look for. The better you understand the latest techniques cyber-criminals are using, the easier they will be to avoid. Know your enemy! Take an active approach to educating yourself by taking a security awareness training course.
2. Internet Security Products
There are many commercial products that will help you avoid all malware infections, but understand that none of them are 100% effective. Cyber-criminals are always looking for weaknesses in security products and promptly take advantage of them.
3. Antivirus Software
While antivirus is highly recommended, you should have multiple layers of protection in place. It is not wise to solely rely on antivirus software to keep your PC secure, as it cannot prevent infections from zero-day or newly emerging threats.
4. AntiMalware Software
Most anti-malware software like MalwareBytes is designed to run alongside Antivirus products, and it’s recommended you have both in place.
5. Whitelisting Software
Whitelisting offers the best protection against malware and virus attacks. Whitelisting software allows only known good software that you approve to run or execute on your system. All other applications are prevented from running or executing.
6. Backup Solutions
In the event of a catastrophic attack or complete system failure, it’s essential to have your data backed up. Many have been able to quickly and fully recover from an attack because their data was backed up and safe.
Removal Instructions
Because all strains are different, there isn’t one set of removal instructions that works across the board. Below are steps to begin the removal process on a Windows PC. They may work completely for some infections, but not for all, especially if you have a really nasty one. However, if you don't remove it, you will be unable to decrypt your encrypted files so they will be gone forever!
1. Malware Scan. It’s recommended to use MalwareBytes to detect and remove the malware. First download the free version of MalwareBytes. If you are unable to run a MalwareBytes scan, restart your PC in safe mode and try to run the MalwareBytes scan this way.
To enter safe mode: as your computer restarts but before Windows launches, press F8. Use the arrow keys to highlight the appropriate safe mode option, then press ENTER.
2. System Restore. Some strains will prevent you from entering Windows or running programs. If this is the case, you can try to use System Restore to roll Windows back to a point in time before the infection. Restore your system using the System Restore settings by restarting your PC and hitting the F8 key when the PC begins to boot up.
3. Recovery Disk. Use your Windows disc to access recovery tools by selecting “Repair your Computer” on the main menu. If you don’t have your Windows disc, you can create one from another PC running the same version of Windows.
4. Antivirus Rescue Disc. If a system restore doesn’t help and you still can’t access Windows, try running a virus scan from a bootable disc or USB drive. You could try creating a Bitdefender Rescue CD.
5. Factory Restore. If the above steps have not worked, the last resort is a Factory Restore. PC World has comprehensive instructions for performing a factory restore.
If you manage to remove the infection from your PC using any of the steps above (except the factory restore) your next task will be to recover your files.
Unhiding Files
If you are lucky, your data didn't get encrypted and the malware instead hid your icons, shortcuts, and files. In that case you can easily show hidden files: Open Computer, navigate to C:\Users\, and open the folder of your Windows account name. Then right-click each folder that’s hidden, open Properties, uncheck the Hidden attribute, and click OK. You should be good to go from here.
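The same unhide step can be scripted in PowerShell instead of clicking through each folder. This is an added example, not part of the original instructions; the parameter and function names, and the choice to skip AppData, system files and junctions (which Windows hides on a clean system), are assumptions.

```powershell
# Added example (not from the original article); names are illustrative.
# Reports items under a user profile that carry the Hidden attribute but are
# not normally hidden by Windows, and clears it only when -Apply is given.
param(
    [string]$Root = $env:USERPROFILE,   # assumption: the affected profile folder
    [switch]$Apply                      # without this switch the script only reports
)

$hidden  = [System.IO.FileAttributes]::Hidden
$system  = [System.IO.FileAttributes]::System
$reparse = [System.IO.FileAttributes]::ReparsePoint
$appData = (Join-Path $Root 'AppData') + '\'
$ignoreCase = [System.StringComparison]::OrdinalIgnoreCase

function Get-UnexpectedHiddenItem {
    # -Force is required, otherwise Get-ChildItem skips hidden items entirely.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band $hidden) -and
            # Hidden+System items (desktop.ini, NTUSER.DAT) are hidden by design.
            -not ($_.Attributes -band $system) -and
            # Leave junctions and symbolic links alone.
            -not ($_.Attributes -band $reparse) -and
            # AppData and everything below it is hidden on a clean system too.
            -not ($_.FullName + '\').StartsWith($appData, $ignoreCase)
        }
}

$items = @(Get-UnexpectedHiddenItem)
foreach ($item in $items) {
    if ($Apply) {
        # The filter guarantees the Hidden bit is set, so XOR clears exactly that bit.
        $item.Attributes = $item.Attributes -bxor $hidden
        Write-Output ("unhidden  {0}" -f $item.FullName)
    } else {
        Write-Output ("hidden    {0}" -f $item.FullName)
    }
}

$summary = if ($Apply) { 'changed' } else { 'found; rerun with -Apply to unhide' }
Write-Output ("{0} item(s) {1}" -f $items.Count, $summary)
```

Run it once without -Apply and review the list before changing anything.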
Encrypted Files
If you followed the steps above to unhide your files and this didn’t work and you still can’t find any of your data, this means that your files have been malware-encrypted. This is not good. Unfortunately it isn’t possible to decrypt or unlock your hostage files, because the decryption key is typically stored on the cybercriminal’s server. From here you have 2 options:
Option 1: Restore your files from a backup. If you have a backup system in place, and the backups haven’t been encrypted as well, you should be able to restore all your files this way. If you don’t have a backup system in place, you might be able to recover some of your files from Shadow Volume Copies, but most definitely not all your personal files. To use shadow volume copies, right-click the selected files/folders and open Properties to view the Previous Versions list, or use a program called Shadow Explorer.
Option 2: Pay the Ransom. Most authors will deliver the decryption key and return your files once you pay, but keep in mind, there is no guarantee. You may pay the ransom and get nothing in return. After all, you are dealing with thieves.