How to deal with Ransomwares?
You should always take steps to protect your system and prevent infecting with ransomwares. However, let say you observe your system is infected with Ransomware and a message to pay, then what should you do? In such a case, we explain the steps which you have to follow in two conditions:
System is Infecting: let’s say a malware infected your system and asking you to pay. The first thing you should do is to shutdown your system right away. If you don’t have access to shutdown or your system won’t shutdown, then press the Power button for few seconds to force shutdown (note we normally never recommend force shutdown, but in this case, you have to do it to prevent further damage). Then find another Safe PC and try download the Microsoft Safety Scanner on a USB , have a look at Microsoft Safety Scanner Download | Microsoft Learn. Then disconnect your infected device from internet, disconnect cable (if any) and turn on your PC and then run the Safety Scanner and run a full scan with it. See if it detects anything and list down name of malwares and remove them.
System after Infection: In this case, you should use Safety Scanner and run a full scan and attempt to remove the malware. In addition, take a sample of encrypted file and you may visit Home | The No More Ransom Project and submit sample of files and follow steps and it might guide you on advance removal or recover your data. However, experience shows it is not easy to recover most files because the encryption key is keep changing. Try remove all traces of malware and update your Anti-Malware product. You may try run a scan with Microsoft Defender Offline, have a look at Help protect my PC with Microsoft Defender Offline - Microsoft Support.
It is important to submit samples in order for security researcher to be able to investigate and prevent or infection in future or even help to discover new keys. In case you have a sample of file which infected your system, you may submit it to Submit a file for malware analysis - Microsoft Security Intelligence and make sure explain about the source of infection. Was it from USB, email, etc. In case it was from a website, then you may submit the URL of the website to Report an unsafe site - Microsoft Security Intelligence.
Ransomwares are considered threats for organizations and users globally; we could work together in order to protect our systems and help other users. Let’s work together to protect ourselves against ransomwares.