If you’ve been following our blog series on ransomware, you know that cyber extortionists are running rampant on the Internet. You know that you can avoid having your computer or files hijacked by ransomware by following some basic safety practices, and you know the trade-offs in paying or not paying ransom and how to deal with cyber currency. But what if, despite your best efforts, ransomware gets hold of your computer and you don’t want to pay. Do you have options, or do you have to kiss your data goodbye?
The short answer is: it depends. If you have recently backed up your system, you or your favorite tech support person can just wipe your machine clean, reinstall the operating system (to make sure any malicious software is deleted), and restore your data from the backups. If not, you can try to recover your files. We’ll explain how, but be warned: you need some technical skills, and it’s a long shot
The first step in trying to recover from ransomware is to determine what kind of ransomware you have. There is a free site called ID Ransomware where you can upload the text of the ransom note or a copy of one of the affected files, and it will tell you if you’re infected with a variety of ransomware that it recognizes. (There are thousands of kinds of ransomware out there, so no guarantees, and as with all free software and online tools, use at your own risk.)
The second step is to try to decrypt your files. You’ll need to locate a decryptor tool for your strain of ransomware and follow the instructions. If you’re on a PC, The Windows Club recently published a list of free ransomware decryptor tools, and security company Kaspersky Labs offers some free decryption tools. You can also just do an online search. There is very little ransomware that targets Mac computers, so decryptors for Mac may also be harder to find. If there are no free tools, you could pay for decryption, but it may be cheaper to pay the ransom or let your data go. If you do find a tool and you’re lucky, you might recover your files.
Whether you manage to recover your files or not, a ransomware infection should be a wake-up call. First, ransomware doesn’t come from nowhere, so you need to be even more careful what you download or click. Second, consider running security software such as Norton, Symantec, or Kaspersky to help spot and contain malicious software before it infects you. Finally, if you’re one of the 2/3 of U.S. consumers who’s not yet doing regular backups of your computer or devices, start! Good backups are the only 100% protection against ransomware.