What is ransomware
Ransomware is a malicious software that infects your computer and allows cybercriminals to block remotely your computer and to encode your files, providing them full control over all the information on your computer. They offer you to pay for virus extraction in pop-up window.
How ransomware works
The threat is hidden inside another file or program that looks so innocent that the user quetly opens it: email message attachments, videos from dubious provenance websites or even system update from reliable programs such as Windows or Adobe Flash.
The different virus function principle and content can vary: it can be a couple of a driver and a library, or one executable file, but the result of its malicious activity is almost the same: the infected computer user sees a fullscreen window which contains a message that Windows is blocked and it’s necessary to send a message to a short number to unblock it.
How to prevent ransomware infection
Here the rules are the same as with other viruses:
regularly update operating system;
install good antivirus and always update it;
do not open email messages or files from unknown senders;
avoid visiting dangerous websites or browsing malicious content.
How to remove ransomware
The easiest way to remove the infection is to use ransomware deactivation services that can be found on leading antivirus companies websites. There you need only to enter in specail line a short number to which violators offer you to send sms, and press neighboured button. In neighbouring line a generated code for system unblocking will appear. After unblocking you need to refresh your antivirus and perform a full system scanning.
However this method is applicable when you can go online from another computer; if you can’t, there is a possibility to solve this problem manually.
The easiest «manual» way — load your computer in safe mode and start the «System recovery» prcedure that will roll your system back to breakpoint (if it was created) and disarm the virus.
If ransomware turned safe mode off, a method with LiveCD boot disk utilising can help you to get into registry and to recover «userinit» key value from installed by malicious program to a standard one C:\Windows\system32\userinit.exe, then you need to remove the file manually and to load computer in normal mode.
However, the antivirus specialists advice is the same: protect your computer from malicious software carefully and pay attention to what sites you follow and what you download from there.