For a home user, the choice can be more complicated. If you use your computer occasionally for some Netflix, Facebook and email, then its very unlikely that it will be worth your while to pay this ransom. Spend some time and think about what kind of files might be on this computer. For some people, a dozen treasured images that aren’t saved anywhere else could easily be worth hundreds of dollars. If nothing comes to mind the you are better off to move on.

For this kind of user its very important to note: Just because your files are locked, does not mean your computer is broken or ruined. In this case, all you need to do is restore your computer to a previously uninfected state. At worst, this may require that your computer be wiped and your operating system be reinstalled. Call your local IT professional.

However if you are a more serious user with a significant collection of media or other important things on your computer, you are going to want to recover those files. Most media and software purchased from services like iTunes or Steam can be restored after a reinstall so take that into account when counting your potential losses.

Whether you are a business looking to get back to work or a hardcore Phish fan with a massive, irreplaceable collection of live jam sessions, the first step to recovering your files is to identify which variant of the virus you have. In many cases it will tell you right on the ransom screen. If this doesn’t work, a virus scanner like Kaspersky or Windows Defender might shed some light on the situation. Its possible that the virus may block your access to virus scanners. It’s important that you don’t allow your virus scanner to attempt to remove the virus at this stage as it could potentially make recovery impossible at a later point.

If you are able to determine which variant has infected your system. Your first stop should be to check the Kaspersky Labs RANSOMWARE DECRYPTOR https://noransom.kaspersky.com/

However, if you aren’t able to find which variant you have or it’s not on the Kaspersky list, then its time to bite the bullet and pay the ransom. Bitcoin Brains has completed or assisted with the unlocking of 100s of systems, I can tell you that the odds of successfully unlocking your system after a ransom payment are very high. Some variants will store the key to unlock your system locally. In these cases its possible for your virus scanner to damage the recovery file if its allowed to attempt to remove the virus. Other variants store this key on a remote server, in this scenario its possible that the remote server could be taken down or compromised. While its unlikely, the possibility does exist that you could be left without your files or your bitcoins.

The final step once your files have been recovered is to attempt to identify where this virus came from. On a personal computer, check your inbox and browser history. When you find the file in question DON’T OPEN IT AGAIN. This might seem obvious but I’ve seen it happen more than once. The most common cause of infection is opening unknown attachments. If you aren’t expecting something, don’t open it.

In a small business setting, which may not have the tightest of user controls, pinpointing the source can be more difficult. Because many businesses necessarily hire at least a few staff who are less than tech-savvy, educating everyone in a workplace about the dangers of email attachments can be a major challenge. One smaller oil company came to us 5 times within a 3 months span to unlock ransomware which had all been downloaded by employees in their sales department. They’ve since instituted a more rigorous backup schedule and tighter user controls.

This article makes some assumptions about your ability to acquire and send bitcoins. If you are having trouble with this step then contact a bitcoin or IT professional. If you are in Canada, you can check out the options that Bitcoin Brains has available.

http://bitcoinbrains.com/buy-bitcoin/