My files are encrypted by ransomware, what should I do now?First you need to calm down and avoid acting in rash. You need to realize that your computer has been attacked by ransomware, which means that the problem is not limited to just losing encrypted files. Most likely, an active infection is still present on your computer. In all your further actions you should consider the fact that everything that you all you do on the computer, as running programs, entering credit card numbers, making calls – all this can now be intercepted by cyber-criminals.
Step 1. Remove spyware and backdoors
Now the main task is to get rid of a virus that spies on you or continues to encrypt all available files. To do this, follow the link to download GridinSoft Antimalware, and following these instructions clean your system from infection. Many users are afraid to do this because they think that all encrypted files will also be deleted along with viruses. This is not true! Encrypted files are not a virus. They will not be removed by the virus removal tool.
Once your system is clean, you can proceed to the next step – determine the type of ransomware with which you were attacked. All of them are divided into families on the basis of a principle they use. For example, such families as STOP/Djvu, Dharma, Zeppelin, Sodinokibi, Matrix and the others are widely known. Some of them have a decryption method that does not suggest turning to attackers for ransom. Others it is practically impossible to decrypt.
Step 2. Find your kind of infection
To determine the type of threat, you can use the search on our site, for example, by entering in the search extension of the files that you received as a result of infection. Or you can search by attackers e-mail, that can be usually found either in the form of a separate file, or in a folder with encrypted files. Here is an example of a search if all your files changed their extension to “.msop”:
Or an example of a search by ransomware e-mail “firstname.lastname@example.org”:
If you couldn’t find the type of virus that attacked you, use this form to send us a request for review:
Step 3. Try to recovery your data
Now, determine the specific type of threat carefully read the article which describes in detail what you are dealing with and what are the ways to solve the problem. You should remember that the easiest way is to restore your files from a backup. Even if you think you didn’t do it, it still makes sense to check if it is there. The fact is that windows can back up on its own without notifying you.
If no backup is found, look in the cloud storage: Google Docs, OneDrive, Apple iCloud and others that you may have used. Quite often, people in a panic forget that they used cloud services and their files are still stored there. In case that there is no exact backup, try using the utilities specified in the infection description.You need to understand that if the tool indicated that it cannot help you, most likely it means that the type of virus that infects your computer appeared recently. So the developers of anti-virus solutions need time to add your case to their database. This can take either a few days or several months. Here you need to be patient. Periodically check our site for new decryption methods. We regularly update our materials and monitor the release of updates.
We can recommend that you collect all encrypted files on a separate carrier along with a ransom note, and save until solution is found.
User Review( votes)