Recovering from Screen-Locking Ransomware
What is Screen-Locking Ransomware?
Screen-locking ransomware takes over your computer by blocking access to the operating system. When you turn on your computer, all you see is a ransom note or a message pretending to be from an official source like the FBI. The note demands payment to unlock your computer.
This infection likely occurred after visiting a malicious website, clicking a harmful link, or opening an infected attachment.
First Steps If Infected
Before attempting to remove the ransomware and regain access to your files, follow these steps:
Disconnect Your Device: Unplug your device from all other devices and the internet to prevent the infection from spreading further. Disconnect from any wireless or wired connections.
Take a Picture of the Ransom Note: Use a camera or smartphone to photograph the ransom note. This ensures you have a copy for future reference and helps when reporting the crime to the police.
Can You Get Your Data Back?
Screen-locking ransomware is one of the less effective forms of ransomware. Victims can often remove the infection and recover their files. Cybercriminals rely on scaring you into paying the ransom, hoping to find those who don't know how to restore access without paying.
By following the steps below, there's a good chance you'll get your computer and data back. If there's a threat to publish your data online, check out our Outing guide as well.
Should You Pay the Ransom?
Our advice is not to pay the ransom. Paying funds the criminals and perpetuates ransomware as a cyber attack method. There's no guarantee that paying will provide the information needed to decrypt your files (if they were even encrypted). Once criminals know you're willing to pay, you may also become a future target.
Given the chances of recovering from screen-locking ransomware, focus on the steps below before considering payment. For more details on paying ransoms, see our advice here.
Approaches to Removing Screen-Locking Ransomware
Restart in Safe Mode: Safe Mode starts Windows with only essential software, which typically prevents the malware from running. Once in Safe Mode, use an anti-virus tool to remove the malware.
Try System Restore: Many Windows computers have a System Restore feature that returns the system to the last known good state. The Microsoft guide on System Restore can help. If you can't reach the recovery screens, reboot from the installation disk or USB stick and select Repair Your Computer instead of installing the operating system.
Reporting the Crime
In the U.S., report cyber crimes to the FBI's Internet Crime Complaint Center (IC3).
Preventing Future Infections
Back Up Regularly: Use an external hard drive for regular backups and disconnect it after use to avoid infection. Consider using a cloud service that automatically backs up your files.
Use a Good Antivirus Solution: This will stop most known ransomware and help remove new ransomware quickly.
Update Software Promptly: Enable automatic updates so that you receive security fixes that can prevent ransomware.
Be Cautious with Links and Attachments: Be extremely careful about clicking links or opening attachments in emails and messages. Legitimate accounts can be hacked to send malicious messages, and emails can be designed to look like they are from trusted sources.
Be Good at Security: Consider using sites like Secure our World and FBI SOS! to improve your understanding of online security. The more secure you are, the more likely cybercriminals will move on to easier targets.