Ransomware is malicious software (malware) designed to extort money from users. There is a lot of information being shared about all the different types of ransomware. With all the data available, it's hard to get a full understanding of this serious threat. That's why we put together these FAQs. We hope they will help you better understand this type of threat, what to do if you are affected by it, and what measures you should have in place to prevent it and/or recover from it.
What is ransomware?
There are two main types of ransomware: lockscreen ransomware and the more troublesome encryption ransomware. Lockscreen ransomware displays a full-screen message that prevents you from interacting normally with your device, demanding a ransom to unlock it again. Encryption ransomware scrambles your files, demanding a fee be paid for the encryption key needed to unscramble them again.
How can I protect against ransomware?
Maintain good security. Install anti-malware utilities on your device, update all applications and software regularly, and use a reliable backup and recovery system to prevent data loss.
How does ransomware infect my system?
Typically, ransomware infects your system when you visit a website that forces your device to download malicious code. You may also be tricked into downloading ransomware disguised as something else, such as an email attachment or a software utility.
How can I remove ransomware from my system?
You can usually remove ransomware with standard anti-malware utilities. If you're locked out of your device, it may be possible to regain access if you reboot it in safe mode.
How do I recover my files?
Your ability to recover your files depends on whether the ransomware has actually encrypted them and what recovery systems you have in place. Some ransomware only claims to encrypt files but doesn't actually do so. In this case, it may be enough to simply remove the infection. If your files are encrypted, you may need to restore them from backups. Your system must be cleared of any malware before recovery can take place.
How can the message include my IP address?
Your IP address isn't normally hidden unless you take steps to conceal it. There are a great many tools that can uncover your IP; the ransomware creator probably included such a tool in their design.
Could the authorities have detected illegal activity on my system?
No. This is a ruse the malware developer employs to make you pay. Ransomware messages can look convincing, with the names and logos of legal authorities prominently displayed. However, law enforcement will not interact with you in this way.
I can't access my system or my files. Should I pay the ransom to regain access?
Whether or not you decide to pay will depend on your situation. Be aware that paying the ransom may not allow you to regain access to your files. If you do pay, the culprit may target you for future attacks.
What should I do if I've already paid?
If you've paid using a credit or debit card, or an online payment service such as PayPal, you might be able to recover the money from your payment provider. If you've used a digital currency such as Bitcoin, recovering the money may be difficult, if not impossible. Contacting law enforcement, such as the police, can be a useful first step. You can also contact a government anti-fraud service, such as OnGuardOnline in the United States.
Always remember that protection against malware is protection against ransomware. Keep your devices and systems secure and back up your files regularly to protect yourself against this kind of threat.