How to Solve "Oops, Your Files Have Been Encrypted" in 2019

How to Solve "Oops, Your Files Have Been Encrypted" in 2019
Andrew Sanders
Posted: February 18, 2019

Although ransomware is making fewer headlines, it is still effectively targeting businesses and individuals. Over the last few months, ransomware attacks have brought down news organizations during the Christmas holidays, infected home computers via drive-by-downloads, and locked up over 100,000 computers in China.

Ransomware may not be growing as fast as it was, (cryptojacking overtook ransomware as the fastest-growing malware in 2019) but it’s still dangerous stuff. With that said, however, it may be less scary than it looks. Here are a few ways to remove or mitigate a ransomware infection:

Step One: Never Pay the Ransom

Paying the ransomware ransom is never a good idea. First of all, you have no idea who you may be supporting – it could be terrorists, organized criminals, or spies from foreign governments. Paying the ransom puts money into their coffers, which is definitely a moral gray area.

Furthermore, paying the ransom may not get you your data back. Some ransomware, such as the infamous NotPetya ransomware that brought business to a standstill in 2017, is designed to encrypt files permanently. Anyone who paid the ransom will lost both their money and their data, forever.

Lastly, not all ransomware is designed by criminal masterminds. Even if you get a message saying that your data is encrypted, there’s nothing that says the malware responsible is guaranteed to have done so competently. In other words, there’s a chance that you can reverse the encryption, decrypt your data, and clean the malware from your system, all by yourself.

Step Two: Identify Your Ransomware Strain

Identifying the strain of ransomware that’s infected your computer is the first step towards understanding whether your data is salvageable.

Your first clue towards identifying your strain of ransomware will be the ransom letter itself. Cyber criminals will often identify themselves and by signing their ransomware with a specific alias that’s linked to the kind of malware they’re using. Similarly, they might include a specific Bitcoin address (the digital wallet where ransomware victims send currency) that’s associated with a given malware strain. Using these identifiers, a quick Google search using a non-infected device will probably tell you what you’re dealing with.

If that doesn’t work, it’s probably time for a more specialist method. A website operated by a group of security researchers known as the Malware Hunter Team can identify your ransomware strain automatically if you upload the ransom note and one of your encrypted files. A service known as VirusTotal can do the same.

Step Three: Uninstall the Ransomware if Possible

Once you identify your ransomware strain, you’ll have a pretty good chance of decrypting it. If you’re lucky, the ransomware program you identify won’t be ransomware at all. Instead, it will simply take the form of a pop-up that locks your screen and tries to fool you with a warning message. These are easy to remove with the anti-malware programs already installed on your computer.

If the ransomware you’re encountered has genuinely locked up the files on your computer, then you may be in trouble. One of your options is to try to restore your computer from a backup. Unfortunately, some ransomware families actively seek out and delete backups that are stored on your computer. This is why it’s best to find a backup service that operates via the cloud.

If you can’t find a backup, but you do know the name of the ransomware that’s affecting you, you may have a chance. Security researchers have been studying ransomware for years, and some of them have developed specific decrypting tools and instructions that will reverse the infection on your system. A service called No More Ransom will link you to a specific decryptor for a given malware family along with instructions.

Unfortunately, not every ransomware family has a decryption tool associated with it. If this is the case, and there is no possibility of restoring from a backup, then you may have to accept that the data on your computer is lost.

Step Four: Establish a Proactive Defense

If you’ve just defused a ransomware infestation – or if you’re worried that you might be a target – now is the time to find a secure antivirus solution. Most major antivirus platforms now include specialized modules designed to deal with ransomware, ensuring that your computer won’t fall victim to an attack. If you’re interested, check out our list of Top 10 Antivirus Services and find a program that works for you!

About the Author

Andrew Sanders
Andrew Sanders

Andrew is a writer on technology, information security, telecommunications, and more