The number one rule if you're ever a victom of a ransomware attack is --> never pay the ransom, advice endorsed by the FBI. All paying the ransom does is encourage cybercriminals to continue with more attacks. However, you may be able to recover some of your files by using free tools.
Be careful, though, as not all ransomware have had such tools created for them. Even if there's a tool, it's usually for a very specific version. We recommend seeking guidance from a security or IT specialist before trying anything so you don't accidentally further encrypt your files and make them more difficult to recover.
How many kinds of ransomware are there?
There are three main types:
Scareware is ironically not that scary. It's more a scam than anything. You might see a pop-up window trying to convince you that malware has been installed on your device and the only way to get rid of it is to pay a ransom. If you ignore it, you’ll have to live with a barrage of pop-ups but your files aren't encrypted or anything.
Lock-screen ransomware is much more serious. These types of malware can lock you out of your machine entirely, often accompanied by official-looking FBI or US Department of Justice seals telling you some sort of illegal activity has been detected on your computer and you must pay a fine.
No, the FBI would never lock you out of your computer or demand payment for illegal activity. If you were in any kind of trouble, they would knock on your front door.
These are the most serious of all. These encrypt your files and demand payment in order to recover them. Once your files are encrypted there's no way to recover them unless you pay the ransom and, even if you do, there’s no guarantee the criminals will hold up their end, which is why we recommend to never, ever pay the ransom. You'll still be without your files but also without some money, too.
How to protect yourself from ransomware
The solution is to commit to an intentional cybersecurity program that includes at a minimum an endpoint protection solution (anti-malware program), a solid and secure backup strategy (to protect against ransomware), a consistent hardware and software patching schedule (to help secure your devices and critical infrastructure), and an some awareness training to make sure you and everyone on your team is informed of the latest scams and threats to help minimize the likelihood of anyone falling for any of the trickery out there. Good luck!