Let's start with what you shouldn't do. Please do not search the Internet for a specific ransomware removal guide. If your data has been encrypted by ransomware, you cannot get it back by using so-called virus removal tools. All these tools can actually do is remove the initial malware that installed the ransomware. Don't expect them to recover your files because they won't.
Many websites provide only a little bit of information about the ransomware infection and then try to sell a paid tool to remove the ransomware. But don't rely on this being effective. And an important tip: never restart your computer if you suspect it is infected with ransomware. There is a chance that the decryption key is in your computer's memory. If you restart, this key will be lost.
What can you do in such a situation? To be honest, there isn't much that offers certainty. Often the only thing that really works to get encrypted data back is to pay the cyber criminals. That's because they have the key to decrypt your data, and this key is usually only available on their server.
There was a time when some ransomware variants contained the key on the infected computer itself, in its memory. But with most modern ransomware, cybercriminals no longer make this mistake. So your choices are often limited to paying or restoring from backup.
While it may be tempting to pay the cyber criminals, especially if you have no backup or the information is very valuable, this is strongly discouraged. Paying promotes cybercrime and there is no guarantee that you will actually get your files back after payment. It is best to make regular backups and be careful with suspicious emails and downloads to avoid such situations.
File a report
Combating cybercrime, such as ransomware, starts with your action. It is crucial that you report it to your local police department if you become the victim of such an attack.
Nowadays, ransomware is being taken more and more seriously by the police. Reporting can help identify the cybercriminals responsible and provide a better understanding of how widespread the ransomware problem is. Although it may seem pointless to report it, it is an essential step in the fight against this form of crime. Not only does it help to map the size, but if an accumulation of reports occurs, criminals can sometimes be traced and held accountable, for example by tracing the flow of digital currency.
There is also something else you can try. Visit the website nomoreransom.org. This site keeps track of which variants of ransomware are active and in some cases offers tools that allow you to unlock your data without paying. It is a valuable resource in the fight against ransomware and can provide a solution in certain situations.
Nomoreransom project
On the website nomoreransom.org you will only find tools for ransomware where the key can be found offline, i.e. somewhere on the infected computer itself. However, many ransomware variants use a key stored on an external server. Unfortunately, without that specific key, decrypting the encrypted data is not possible.
Back-up
First check if you have a backup. If you have a full backup of Windows, restore it. But if you only backed up certain files, make sure you completely remove the ransomware first before restoring your files. There are various services available online that can help you with this.
If your company has been hit by ransomware, it is wise to seek professional help immediately. Rather than trying to work with all kinds of tools yourself, let an experienced company help you.
Make sure your computer is clean before recovering files
If you, as a private individual, have to deal with malware, you can Try Malwarebytes completely free. That's a malware removal app and you can try it for free for 14 days without having to purchase it outright. Malwarebytes scans your computer for ransomware and ensures that the source file, also called the payload, is deleted. Before restoring your data from external backups, it is important to first ensure that the ransomware file is completely gone from your computer.
Additional tips
Steer clear of websites that show off free videos, downloads and pirated software. I know from experience that this is often how a typical home user's computer becomes infected with ransomware.
And beware: don't believe those ads that suddenly appear in your browser claiming that your computer is infected. Such unwanted pop-ups often secretly install malware on your computer, which can later lead to a ransomware infection.
And a tip: if you receive strange emails, especially those with attachments such as invoices, PDFs or Office documents with extra code (Macros), do not open them. They are often traps in disguise.
Good luck! Thank you for reading.