Can You Remove Ransomware Without Losing Data

With nasty malware similar Locky making the rounds—encrypting its victims' files, and and so refusing to unlock them unless yous pay upwardly—ransomware is a serious headache. But non all ransomware is and then difficult.

You lot tin remove many ransomware viruses without losing your files, only with some variants that isn't the case. In the by I've discussed general steps for removing malware and viruses, but you lot need to apply some specific tips and tricks for ransomware. The process varies and depends on the type of invader. Some procedures involve a elementary virus scan, while others require offline scans and advanced recovery of your files. I categorize ransomware into three varieties: scareware, lock-screen viruses, and the actually nasty stuff.

Scareware

fakeav example — An example of a false antivirus app.

The simplest type of ransomware, aka scareware, consists of artificial antivirus or make clean-upward tools that merits they've detected umpteen problems, and demand that you pay in social club to fix them. Some specimens of this multifariousness of ransomware may allow yous to utilize your PC but bombard yous with alerts and pop-ups, while others might forestall you from running whatsoever programs at all. Typically these invaders are the easiest type of ransomware to remove.

Lock-screen viruses

kovter ransomware — The Kovter ransomware locks down your computer, displaying a fake notice claiming to be from several regime government.

Next is the ransomware variety I call lock-screen viruses, which don't let you lot to use your PC in any way. They display a full-size window afterward Windows starts up—usually with an FBI or Department of Justice logo—saying that y'all violated the police and that you lot must pay a fine.

The really nasty stuff

locky ransomware — A ransomware program called Locky has speedily become 1 of the almost mutual types of malware seen in spam.

Encrypting malware—such as Locky—is the worst variant, because it encrypts and locks your personal files until you pay up. But even if you haven't backed upward your files, you may have a chance to recover your data.

Removing ransomware

Before yous tin free your hostage PC, you have to eliminate the hostage taker.

If you lot take the simplest kind of ransomware, such as a fake antivirus program or a artificial clean-up tool, you can usually remove it by following the steps in my previous malware removal guide. This procedure includes entering Windows' Safe Manner and running an on-need virus scanner such as Malwarebytes.

If the ransomware prevents you from inbound Windows or running programs, as lock-screen viruses typically exercise, yous can try to use Arrangement Restore to ringlet Windows back in time. Doing and so doesn't affect your personal files, but it does return system files and programs to the country they were in at a certain time. The Arrangement Restore characteristic must be enabled beforehand; Windows enables it past default.

windows7 advanced boot options — You lot tin usually bring up the Advanced Kicking Options of Windows seven by pressing F8 during booting.

To start the restoration process using Arrangement Restore, follow these steps depending on your Os version:

Windows seven

Shut down your PC and locate the F8 key on your PC's keyboard.
Plough the PC on, and every bit soon as yous see annihilation on the screen, press the F8 primal repeatedly. This action should bring up the Advanced Boot Options carte.
SelectRepair Your Estimator and press Enter.
You'll likely have to log on as a user. Select your Windows account name and enter your password. (If you don't take a countersign set, go out that blank.)
In one case logged on, clickSystemRestore.

Windows 8, 8.i, or 10

windows10 recovery — You lot can get to the recovery options of Windows 8, 8.1, and 10 past belongings shift when rebooting from the Windows login screen.

If your PC boots to the Windows login screen, hold the Shift cardinal, click the power icon, and select Restart.
Information technology should reboot to the recovery screens.
Select Troubleshoot > Advanced Options > Organization Restore.

If you tin can't go into the recovery screens, you tin can use the Windows installation media (disc or USB bulldoze) for your item version/edition to access the recovery tools. You'd kicking up to that install media, simply clickRepair your computer on the main menu earlier proceeding with the installation. Alternatively, y'all can create a Windows Organization Repair Disc on another PC running the same Windows version, and then kick to that disc on the infected PC to reach the aforementioned recovery tools. We've previously discussed this process for Windows 7, Windows 8, and Windows x.

If System Restore doesn't help and you lot still tin can't get into Windows to remove the ransomware, try running a virus scanner from a bootable disc or USB bulldoze; some people refer to this approach equally an offline virus browse. My favorite bootable scanner is from Bitdefender, but more are available: Avast, AVG, Avira, Kaspersky, Norton, and Sophos all offer antivirus boot-disk software.

bitdefender rescue cd — Bitdefender's antivirus boot deejay in action.

If you still have no luck after trying Prophylactic Mode and an on-demand scanner, performing a Arrangement Restore, and running an offline virus scanner, your concluding resort is likely to perform a full restore or clean re-install of Windows. Nigh ransomware isn't that tenacious, all the same.

With that out of the way, information technology'southward time to repair the harm. If you're lucky, your PC was infected by malware that didn't encrypt your data. If information technology appears you're missing stuff though, the malware may have merely hid your icons, shortcuts, and files. It usually does this by making the files "hidden." Here's how to check, depending on your OS version:

Windows 7

OpenCalculator.
Printing the Alt key and selectTools.
ClickFolder Options and select the View tab.
SelectShow hidden files, folders, and drives, and then clickOK.

Windows viii, 8.1, and 10

Open a File Explorer window.
Select the View tab on the summit pane.
Check Hidden items.

show hidden files win10 — Showing hidden files in Windows 8 and after is a cinch.

If your data reappears afterward you elect to testify hidden files, that's bang-up—information technology ways there'south an piece of cake fix for your woes. Open upComputer or File Explorer, navigate to C:Users, and open up the folder of your Windows account proper noun. Then right-click each folder that's subconscious, open upProperties, uncheck theSubconscious attribute, and clickOK.Boom! Done.

If you nevertheless tin't notice your information, and your files really accept been malware-encrypted, you're in problem. Ordinarily it isn't possible to only decrypt or unlock your hostage files, because the decryption cardinal is typically stored on the cybercriminal's server. Some victimized users have reported that some pieces of malware will go along their hope, decrypting and returning your files once you pay, merely I don't recommend paying.

This is why we constantly tell you to support your PC on a regular basis.

If you previously set and created backups, scan them for viruses on another PC (1 that isnot infected) if at all possible. If all of your important files are backed upwardly, you can proceed in removing the malware and then simply restoring your backed-up files.

If you don't have a backup organisation in identify, you might be able to recoversome files from Shadow Book Copies—if the malware hasn't deleted them. Shadow Book Copies is part of Windows' System Restore feature. Either right-click on thefiles or folders y'all desire to restore and openProperties to view the Previous Versions list, or use a program called Shadow Explorer to browse the snapshots.

But don't rely on that. Start backing upwardly your PC today, and do it regularly.

Preventing ransomware and malware infections

Avoiding ransomware is much the same as avoiding other types of other malware.

Always run a good antivirus utility and go along Windows and browser-related components (Coffee, Adobe, and the like) updated. Go along your browser clean of junk toolbars and add-ons to prevent adware invasions that could atomic number 82 to malware infections. E'er,always be wary of unexpected email attachments and spam.

And only to beat out this dead horse one more than time: E'er accept a practiced backup system in place, simply in case your PC does become infected and you can't recover your files. Yes, information technology's that important.

Editor's note: This commodity was oroginally published January 13, 2014, and updated April three, 2017.