Ransomware – What To Do If You Are Infected

03/12/2024 | by SandStorm IT


Ransomware still remains one of the most notorious forms of malicious attacks out on the internet, and won’t be going away any time soon. It now takes very little effort for someone to make their own Ransomware variant, as evident by all the new strains popping up every day. With so many variations, what steps does one need to take if they’ve been infected? What steps can one take to mitigate damage from a recent infection?

Early Detection

Security companies now have had more time to analyze available ransomware that just started popping up a few months ago. As a result, new utilities and security suites with ways to monitor your PC in real time to protect against ransomware are being made. To receive this benefit, always make sure your antivirus software is up to date, as this will get you access to these tools as they become available.

Immediate Response

If you manage to spot the Ransomware early enough during its infection process, you may be able to minimize the amount of damage being done. While there are no sure-fire ways to catch Ransomware early, there are a few signs to tip you off. Some ransomware variants are designed to immediately pop up the ransom note even if they haven’t finished the file encryption process, while others will change your desktop wallpaper to the ransom note.

If you notice one of these ransom notes, immediately shut down the PC. This will minimize the number of files that get locked by the ransomware. After ensuring the PC is powered off, contact a professional to assist in ensuring the removal of the ransomware before it can continue to spread.

What can I do if the Ransomware managed to lock my files?

There are still a few options to attempt if the ransomware managed to finish locking all your files. Some security companies are actively combating ransomware and using weaknesses in the code to come up with ways to reverse the lock on your files. Always spend some time researching to see if one has come out with a decrypter for your specific ransomware strain, as these utilities may be the only option available to recover without backups being available. If you’re ever unsure, reach out to a professional. Have them assist in tracking down a decrypter, and if available, assist in running it, as sometimes it is a complicated procedure to get successful results.

If there are no decrypters available, back up the encrypted files and restore from a backup if available. If there are no backups available, the copies of the locked files will allow you to restore them if there ever becomes a decrypter available for your specific strain.

Unfortunately, if there are no backups available, at this point the only option left is to reinstall the operating system on the PC and start over from scratch. Never pay the ransom listed in the ransom note, as it’s not possible to guarantee a successful restore of all your files. There have been a few cases of ransomware variants just locking files with random keys or passwords that still demand a ransom, even though recovery is no longer an option because a random key was chosen.

Once back in an operational state, consider implementing a backup system if you currently do not have one.


  • Early detection is key. The sooner you find out, the sooner you can ensure safety of your data.
  • Keep your anti-virus up to date. New tools to combat malware are constantly being released in security suites.
  • If you’re already infected, immediately stop using the computer, prevent further usage, and contact a professional immediately.
  • Back up your data regularly. Start a back up system if you don’t have one in place.

For any issues regarding ransomware, backups, encryption or anything else IT related, call SandStorm IT at 901-475-0275.

Related Posts:

Connect w/ us

Subscribe to Our Newsletter