Ransomware does not allow users to access their system or digital files, requires payment of a ransom in order to recover them, and can potentially infect a computer in a variety of ways.
One of the most common methods is through malicious spam, that is, messages with documents or links that send malware via email.
What happens if a user is a victim of ransomware and the PC is infected?
First step: It is mandatory to identify all the devices that are infected to disconnect them from the network, in this way the ransomware will not spread through smartphones, laptops or tablets.
It is recommended to remove network drives, external hard drives, flash drives, and cloud storage accounts.
Second step: Victims will have to identify the type of ransomware using the 'No more Ransom' Crypto Sheriff tool offered by Europol's European Cybercrime Center.
The files that the attacker has encrypted will have to be checked along with the ransom note. If Crypto Sheriff recognizes the encryption and offers a solution, it will provide users with a link to download the decryption program.
Third step: It consists of removing the ransomware after encrypting the files or with an antivirus, although there is also the possibility that users can delete it manually.
Fourth step: After removing the ransomware, users can recover the encrypted files through backup and decryption tools.
How can a computer get infected with ransomware?
· Connection to an infected network.
· Visits to unsafe websites, with dangerous or misleading content.
· Opening files attached to malicious emails.
· Clicking on malicious links included in messages and social media posts.
· Install pirated content or software.