Ransomware Virus, How to remove and get my files back without paying?

There are 3 types of ransomwares.
Scareware, screenlock and data encryption.

I dunno which one you get, although mostlikely, you get the encryption type.
If you really get that type, just say good bye to your data.

Anti-virus and security firms (Kaspersky et al) have made decryption applications available for Cryptxxx and TeslaCrypt (and others, e.g. Locky, I think), after finding coding errors in them. The best bet is to see if you can find out what family it comes from, and if there's a decryption tool for it. Otherwise, hope your backups exist and are OK (and obviously don't connect the backups to an infected device to check...).

I'm just wondering what your mum did to even get this huge virus in the first place.

She needs to be more careful what sites she goes on, files downloaded and emails opened.

I'm just wondering what your mum did to even get this huge virus in the first place.

She needs to be more careful what sites she goes on, files downloaded and emails opened.

Click to expand...

Had a friend that got such ransomware on his laptop from an infected flash drive. After wiping the drive and doing a clean install of Windows he goes to get his files from his PC, and lo and behold, he plugs in the same flash drive. Poof goes the backup.

It's easy for the technology-literate to avoid such things, but not everyone is like that.

Hmmm....some AVs can really already decrypting some of those ransomware? cool! I did not know that.

@Wayfall:
I have to clean several systems already quite frequently for my sister, my old aunt and my old uncle. Thank goodness, no encrypting ransomware so far.

Viruses are attacking everywhere and the best antivirus is the user, not Kaspersky, not BitDefender, etc.
People, who are not really know their way around, will be more prone to viruses.
Careful? How? If they do not even know what is ok and what is not.
Even if you told them some things, they will forget it since they have not enough basic to really understand.
Trust me, I tried explaining already thousands of times.

Number of issues here.

Issue 1 - Can I get my files back?
=====================
The answer to that is maybe but don't bank on it.

Step 1: Disconnect PC from internet immediately
Step 2: Try a system restore to a point before the PC got infected.
Step 3: See if you can access your files. (goto step 4 if you got them, step 5 if you didn't)
Step 4: Copy only the absolutely necessary files to an external device (be aware that it is possible that the infection can get on this device so make sure it does not have anything important, I recommend a cheap USB stick)
Step 5: Try an earlier restore point.

Issue 2: What do I do now?
=================
Step 1: If you used this PC for internet banking or online shopping contact your bank and credit card company and tell them you have been hacked and your data is at risk.
Step 2: Log onto a PC that is free from infection and change all your passwords. This is essential as it is likely the hacker knows all of this information now and your accounts are at risk.
Step 3: Do a full reinstall of Windows and install Avast, Zemana anti-logger, malwarebytes anti-exploit & unchecky. Now update Windows. This should give you a decent level of protection.
Step 4: Teach your mum about these threats and safe browsing. I advise that you give your mum a user account with no admin privileges and setup remote desktop so you can do things for her that require admin privileges.
Step 5: Scan with TDSS Killer to make sure the malware did not infect the master boot.


P.S. Can people stop calling this a virus (one of my pet hates). As someone already pointed out this is Ransomware which is completely different from a virus. You can also call it malicious software (malware) which is the generic term for all infections. If you call it malware you will never be wrong, it just means you have not defined what type of malware it is.

Everything Malware, Adware, Trojan, Worm, Virus, Ransomware, etc. are all simply viruses for normal users.
It is a simple as that.
You can spend lots of efforts explaining the differences, which could take forever, or simply try to fix the problem.

Give a try to Malwarebytes Anti Malware. Choose the Free ones. And see how it goes.

I'm afraid I have to disagree and think your understanding contains a common misconception.

All viruses are malware but not all malware are viruses.

I found this link which I thought would be helpful for you: http/www.dummies.com/how-to/content/know-the-different-types-of-malware.html

Tell it to those who do not even know what a processor even mean. It will not stay in their brain longer than 10 minutes.
Trust me I tried.

It makes no difference to me if you want to continue being wrong, I was merely trying to help correct an error in your knowledge.

Well I myself found this helpful.

Thanks

If you decide to pay the ransom (which I personally am against) then there's no way to know they didn't leave a stealth trojan for next time.

Best thing you can do is re-format the machine. Especially if you don't use a backup solution. I use a program called Rollback Rx and it's saved my arce from ransomware a few times. Once you reformat you'll want to install the program or alternatively use a disk imager. Either way, cut your loses and start backing up your data to prevent this situation from happening in the future.

I think he understands. He just means that normal average people virus is the common term for them and to just let them be as long everyone understand what they meant.

brodiezz__, is her computer a laptop or a desktop & do you have access to another desktop computer?