You've all probably heard about ransomware by now. What you may not know is that there are numerous tools out there to help you recover from a ransomware infection. As new variants have emerged, additional decryption tools have sprung up.
NOTE: If you have a proper backup of your data, you may not need to follow these steps. Simply restore your data from backup and you should be back in business. There are some exceptions, such as infections which lock you out of your PC completely, in which case you will need to either reimage your computer, or run one of the aforementioned decryption tools, as well as restore your data from backup.
If your PC or network has been hit by ransomware, you'll first want to identify the specific variant (this is necessary in order to find the proper decryption tool - if one is available). Grab a copy of the ransom note which was placed on your hijacked device. This may be a plain text file (.txt), a Word document (.doc, .docx), or possibly an HTML file (.html, .htm). Regardless of the file format, the ransom note will typically follow the same format:
A statement that your files have been encrypted and are being held for ransom
Instructions on how to download and install the Tor Browser
A link to a website accessible via the Tor Browser which provides additional instructions, such as how to obtain Bitcoin and how to pay your attackers the ransom via Bitcoin
Just about every strain of ransomware uses a ransom note which is unique to that strain. This leaves us with a fingerprint which can be used to identify the specific variant of ransomware which has locked up your data.
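As an added illustration (not code from this post or from any identification service), the Python below checks a note for the three elements listed above and hashes its wording with per-victim IDs masked, so two copies of the same strain's note produce the same fingerprint whether they arrive as .txt or .html. The keyword patterns, the ID-masking rule, the sample notes and the .onion host are all constructed assumptions.

```python
import hashlib
import re

# Keyword patterns for the three elements of a typical note. These are
# assumptions chosen for this example, not signatures of any real strain.
ENCRYPTION_CLAIM = re.compile(r"\b(encrypted|locked|decrypt)", re.I)
TOR_INSTRUCTIONS = re.compile(r"\btor\s+browser\b", re.I)
ONION_HOST = re.compile(r"\b(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.I)
BITCOIN_MENTION = re.compile(r"\b(bitcoin|btc)\b", re.I)
# Assumption: long hex tokens are per-victim IDs, which differ between victims.
VICTIM_ID = re.compile(r"\b[0-9a-f]{12,}\b", re.I)
HTML_TAG = re.compile(r"<[^>]+>")

# Constructed sample notes: same wording, different format and victim ID.
NOTE_TXT = """YOUR FILES HAVE BEEN ENCRYPTED!
Your personal ID: 3F9A1C77D2E04B15
1. Download and install Tor Browser.
2. Open http://exampleexample23.onion/ and follow the instructions
   to buy Bitcoin and pay.
"""
NOTE_HTML = (
    "<html><body><p>YOUR FILES HAVE BEEN ENCRYPTED!</p>"
    "<p>Your personal ID: A0B1C2D3E4F56789</p>"
    "<p>1. Download and install Tor Browser.</p>"
    "<p>2. Open http://exampleexample23.onion/ and follow the instructions "
    "to buy Bitcoin and pay.</p></body></html>"
)


def fingerprint_note(raw: str) -> dict:
    """Extract the note's structural elements and a victim-independent hash."""
    text = HTML_TAG.sub(" ", raw)  # .html/.htm notes: keep only visible text
    template = " ".join(VICTIM_ID.sub("<id>", text).lower().split())
    return {
        "encryption_claim": bool(ENCRYPTION_CLAIM.search(text)),
        "tor_instructions": bool(TOR_INSTRUCTIONS.search(text)),
        "onion_hosts": sorted({m.group(0).lower() for m in ONION_HOST.finditer(text)}),
        "bitcoin_payment": bool(BITCOIN_MENTION.search(text)),
        "template_sha256": hashlib.sha256(template.encode("utf-8")).hexdigest(),
    }


def looks_like_ransom_note(fp: dict) -> bool:
    """True when all three elements described in the article are present."""
    has_tor = fp["tor_instructions"] or bool(fp["onion_hosts"])
    return fp["encryption_claim"] and has_tor and fp["bitcoin_payment"]


if __name__ == "__main__":
    for name, note in (("note.txt", NOTE_TXT), ("note.html", NOTE_HTML)):
        print(name, fingerprint_note(note))
```

The hash only groups notes that share the same wording; putting a name to the strain still requires comparing the note against a catalogue of known notes.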
Upload the ransom note to the following site for analysis:
Now that you know which ransomware variant is holding your files hostage, you can browse the site below for the appropriate decryption tool - assuming one exists (decryption tools are NOT available for each and every ransomware variant).
If this all sounds like a major hassle, you are correct, it is! It's best to prevent the infection from ever happening in the first place. I'll cover that a bit later.