If your laptop or PC has been infected by ransomware, i.e. a blackmail virus, you’ll receive a message asking you to pay a ransom. You’ll feel like your in the the hot seat, but that’s the whole point.
The criminal will crank up the pressure by threatening to destroy the encrypted data forever in a few days or publish it on the internet. If ever find yourself in this kind of situation, then your antivirus has failed. (You are running antivirus, right?)
In order to decrypt those files without paying the criminals money, you need to know which ransomware has your data. The ID Ransomware and No More Ransom services, among others, can help with this.
ID Ransomware: With ID Ransomware, there’s an upload button for encrypted files. You can also enter the blackmailer’s email address. The service uses this data to identify the blackmail virus behind the attack. It already knows 1,150 malware samples. However, it does not give out more than the name of the blackmail virus. You can enter the name together with the term “decryption tool” in Google and hopefully you will receive a tool with which you can decrypt your data.
No More Ransom: This service not only helps to identify the exact ransomware virus, but also offers the right encryption tool–if there is one. You’ll want to click on “Crypto Sheriff” on the website. This is where you can upload two encrypted files and enter information about the ransom note. Clicking on “Start Search” will provide you with a decryption tool in the best case scenario.
Generally speaking, there is a suitable decryption tool for many ransomware viruses. However, usually not for the malware currently circulating. This is because it takes some time for security researchers to crack the code or for the criminals to publish the master key.
If you cannot find a decryption tool in an emergency, you should still keep the encrypted files. A few months later, there may be a program that you can use to access them again. What’s more, an up-to-date backup is still the best defense against ransomware. Make sure you store the backup separately from the PC.
Further reading: Windows includes built-in ransomware protection. Here’s how to turn it on
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.
