Ransomware is a form of virus that attacks your PC and locks parts of the system, sometimes irrevocably blocking access to valuable photos and important documents.
Ransomware may lock your system entirely, preventing you from getting past the warning message. Viruses such as CryptoLocker can even encrypt the files on your PC, making them unreadable unless you pay up for a key-code. Both approaches claim that payment will resolve the issue, although officials warn that paying won’t guarantee you’ll get the use of your PC back, and that your bank details could be stolen in the process.
The most common type of ransomware locks your PC screen, displaying a message purporting to be from the Metropolitan Police, the UK’s e-crime unit or Action Fraud. The lock-screen claims the computer has been used for illegal activities, scaring or embarrassing victims into paying a ‘fine’ via online payment systems such as Ukash or Bitcoins that can be hard for police to track.
How to remove a ransomware virus
If you do contract a PC virus – ransomware or otherwise – the best thing to do is to remain calm. Make a note of any information you can, and log any files that are flagged by your operating system or security software as infected. Disconnect from the internet – the malware could be trying to send your data out to the scammers. Use another PC to search for details of the virus. Different viruses have different cures, so seek information on your virus and find out whether security companies have created an antidote.
Method 1: If your computer is still accessible
MalwareBytes Anti-Malware Free is a good, free program that can remove CryptoLocker and similar ransomware scams.
Download and install Malwarebytes as per our instructions, then run a full scan of your PC. Check each of the tick- boxes alongside the detected infections. Next, click on Remove Selected to clear the infected files.
Method 2: If your PC is locked
If you can't switch on your computer without seeing the ransomware message immediately, then you'll need to start in Safe Mode to get around this. See our guide to Windows Safe Mode for more on what this is and how it works.
Restart your computer and press the F8 key while the system is booting up to access your PC without using Windows. Use the arrow keys to choose Safe Mode with Command Prompt.
Using the text cursor that appears, type rstrui.exe and press the Enter key. This should start a Windows System Restore screen that lists saved points within Windows from an earlier time.
Choose a restore date from before you were infected, then restore your PC to this point. Download the MalwareBytes Anti-Malware Free software and follow the tips covered in Method 1 to scan and remove any infections from your PC.
Should you pay?
Officials say that you should never pay a computer ransom, mainly due to fears that paying will encourage more attacks and that the money could be used to fund other criminal activities. Industry experts also advise against handing cash to the crooks, because there’s no guarantee that they will actually release your computer or unencrypt your files afterwards.
Even if things feel desperate, we’d never advise paying up to a criminal - especially since this can incentivise them to keep going with the scam.