What do I do if I believe my computer is infected with Ransomware?
Find out what kind of ransomware you have
First, you’ll need to determine whether you’ve been hit by encrypting ransomware, screen-locking ransomware or something that’s just pretending to be ransomware. See whether you can access files or folders, such as the items on the desktop or in the My Documents folder.
If you can’t get past the ransom note you see on your screen, you’re likely infected by screen-locking ransomware, which is not so bad. If you see a notice claiming to be from the police, the FBI or the IRS that says you’ve been caught looking at pornography or filing false taxes and must pay a “fine,” that’s usually screen-locking ransomware, too.
If you can browse through directories or apps but you can’t open your regular office files, movies, photographs or emails, then you have encrypting ransomware, which is far worse.
If you can both navigate the system and read most files, then you’re probably seeing something fake that’s just trying to scare you into paying. You can ignore the ransom note. Try closing your web browser. If you can’t, then hit the Control, Alt and Delete keys at the same time to open Task Manager, choose the Application tab, right click the browser application and select End Task.
Should you pay the ransom?
Most security experts, as well as Microsoft itself, advise against paying any ransoms. There’s no guarantee you’ll get your files back if you pay, and paying just encourages more ransomware attacks. (Don’t pay the ransom for screen-locking ransomware, because you can almost always get around it.)
How to deal with ransomware
1. Disconnect your machine from any others, and from any external drives. If you’re on a network, go offline. You don’t want the ransomware to spread to other devices on your local network or to file-syncing services such as Dropbox.
2. Use a smartphone or a camera to take a photograph of the ransom note presented on your screen. If you can take a screenshot, do so as well.