How do i remove Ryuk ransomware

Decrypt ransomware: how to remove (almost) every ransom trojan

Thomas Joos

We'll tell you how to defend yourself against Trojan ransomware. And what clever tools you can use to decrypt your files when the nasty ransomware has struck.

EnlargeDecrypt ransomware: With these tools you can remove (almost) every blackmail trojan
© iStockphoto.com/MorePixels

Ransomware is a real nuisance and, depending on the type of data being encrypted, can even be a disaster for victims. The attackers encrypt users' files and only allow access again after a payment has been made. But the payment in no way ensures that the encrypted data can be used again afterwards. However, there are tools and procedures for affected users to save their computer and data.

Ransomware: Different types of game

In general, there are different types of ransomware. “Lock screen” attackers simply block complete access to the system. These attackers are relatively easy to get rid of, or at least the data is not compromised. Crypto attackers, on the other hand, are more dangerous. These completely encrypt all data on the system. But there are tools that can help against attackers, including persistent attackers like Locky. The free anti-ransomware tool from Malwarebytes is designed to protect against ransomware such as Locky, but also CryptoWall4, CryptoLocker, Tesla and CTB-Locker.

What to do in the event of a ransomware attack

As soon as a computer is infected with ransomware, you should choose the following procedure:

1. Immediately disconnect the computer from the network.

2. Turn off the computer. This should help contain the infection.

3. Switch the computer on again and save the entire hard disk of the computer on an external data carrier, for example with an image backup. Below we will introduce you to the tools you need to do this.

4. If the ransomware blocks you completely, you can at least unlock general access to the computer with the free Kaspersky Windows Unlocker tool.

5. Try to clean up the computer with a conventional virus scanner. Many antivirus manufacturers provide free live CDs such as AVG, which can often also remove such attackers. See the next section for a list of the main antivirus scanners for this.

6. Start the computer in safe mode.

7. See if you can activate the latest restore point, which will remove the contamination.

8. Start the command line and try one of the following tools to clean up.

Back up the computer first before cleaning

Before cleaning, the computer should always be backed up to an external hard drive so that the original state is retained. Disinfection tools can also cause problems. If all data is available as a backup, you can restore it.

Clonezilla is one of the most popular solutions for cloning entire hard drives. If you boot a computer with the Live CD, all hard disks, including all partitions, can be backed up and restored.

Clonezilla is also part of the Ultimate Boot CD. The freeware HDClone is also available on the CD via the menu item HDD \ Disk Cloning. If you only want to test HDClone without the other tools on the Ultimate Boot CD, you can only download this product.

Scan with Live CDs first

One of the most popular and most secure Live CDs for virus removal is the free Kaspersky Live CD. Download this as an ISO file and burn it to a CD. Further rescue CDs can be found on the following pages:
• BitDefender
• F-Secure
• AVG Rescue CD

Tools to help fight ransomware

Well-known manufacturers such as Kaspersky also offer tools with which ransomware-infected computers can be cleaned up. An example of this is CoinVaultDecryptor. Kaspersky tools such as Decryptor also help decrypt files. The tool is offered together with the Dutch police.

Kaspersky also offers the RakhniDecryptor tool for removing Trojan-Ransom.Win32.Rakhni malicious software (.oshit and others).

Trend Micro Anti-Ransomware Tool

The free Trend Micro Anti-Ransomware Tool offers support against lock-screen ransomware and against crypto-ransomware. You can also use the tool in Windows Safe Mode, including the Safe Mode command line. The manufacturer offers comprehensive instructions for both attack options.

EnlargeTrend Micro also offers a free ransomware removal tool.

Bitdefender Crypto-Ransomware Vaccine

BitDefender offers the free tool Crypto-Ransomware Vaccine. This can also reliably clean computers and decrypt files. The tool is particularly helpful against crypto ransomware, i.e. against the dangerous variant. The tool protects unaffected computers from dangerous attackers.

EnlargeWith Bitdefender Crypto-Ransomware Vaccine you protect computers against ransomware