Dealing with a Ransomware Attack: A full guide

Response to certain concerns in the comments:
I’m aware that “pulling the plug” can destroy evidence for forensic investigators, but the value of potentially preventing a large amount of data from being encrypted in the first place can be much greater for the user than the slim chance of finding file traces or the encryption key in memory through a high cost forensic investigation. Of course it only makes sense if done early, and as with everything not everyone agrees. This video is meant to be a general guide for most people but of course it cannot tell you how to perfectly deal with every possible scenario.

you know demon slay? he helped me decrypt the ransomware I got from 3 years

Hi, I got hit by a ransomware attack and they got ahold of a few gmails that didnt have much important info except one bank card that didnt have funds on it which I promptly sort a replacement for and now the old card is destroyed. I reset my pc and os but I still think there is some virus on it. I checked my task manager and it is showing "system" using upwards of 50% of my cpu among a few other processes that lead by to a "System32" folder when I check their original file location and I cant delete these files as they say I need access from "TrustedInstaller". I also cannot connect to my personal router which was connected to the pc through an ethernet cable when I was hit. Just wanted to confirm if the methods like malwarebytes and such would work still and if changing my hard drive would have to be an option.

I hope I'll never have to actually watch this video

Aren't there some ransomwares that prevent you from running certain applications, such as anti-malware or decryptors?

👏Back👏up👏your👏data

Thank you for this tutorial.

this video helped me. thanks

Bro, so many bots in the comments...

Don't store lots of your data on the mounted hard-drive. Use removable USB or SD cards. Upload files to the cloud. Have a backup version of your favorite OS on a USB or CD ready to go, so you can simply clean-install and never be touched. That way you can skip all of this.

💋 an exemplary video. It is the 911 of the computer world. Hello: what's your issue? Let's deal with it. Boom.

Emsisoft saying "impossible to decrypt"

The only real answer to Ransomware is to eliminate the source. In one building in Russia most of these operations are housed and overseen by the FSB. Rather than pay millions in ransom some companies will opt for the nuclear option. Pay mercenaries to topple the building onto the hackers and keep targeting them till the message gets out. Hack for the FSB or Mafia and risk death. Simple but effective deterrent is the knowledge you will be tracked and eliminated for and with the money you were trying to steal.

I believe you can but tNice tutorials will depend what version you have.

I m used emisoft decryption but it show the results remote not resolved

Hi Bro i have fdvc infected files in external drive. So how to recover pls help me

But the Annabelle ransomware is full screen mode and it doesn’t let you do anything else. A lot of ransomware nowadays don’t let you use your internet browser and you said yourself that i need to remove the network. I mean, i can use my phone for it, but then how am i supposed to upload a file

I suggest you contact Cleedenz directly on Instagram for help, he's a certified white hat and he's legit and reliable enough when it comes to cyber security jobs

I got a Trojan virus a few months ago and windows defender actually got rid of it instantly

Does one drive can effect by virus

still works! followed steps exactly and it works, thx a ton and keep up the awesome videos

reconded to use headphone for best experience

production. Thanks again!

.VVWQ ransomware

what about the ransomware that creates non minimazable window?

Cm l
W

Bwwww,lvl. The c
J

Will reformatting the system completely remove the ransomware?

Dude my id is online and i tried everything and attanded every professionals who could decrypt it but they said without virus it couldn't be decrypted bcuz in order to unlock the online code it mustn't be uninstalled so what should i do bro help me plz😢😢😭😭

I suggest you all reach out to MARCTECH247 for your extension recovery. He’s tested and trusted

Marctech247 was able to guide me on how to recover my encrypted files in less than an hour. They’re the best when it comes to recovery issues. Give them a try now

Marctech247 was able to guide me on how to recover my encrypted files in less than an hour. They’re the best when it comes to recovery issues. Give them a try now

I use non-network connected external drives, that I write my data out to every few days. As a retiree, anything on my computer is likely a bunch of media files or games that I can re-download. I've always enjoyed the performance increase of a fresh windows install (a relatively quick task in 2022), so that's how I'd cure a ransomware attack. Wipe everything and move on.

Personal files are always safe using offline storage solutions. Just don't plug the drive into an infected machine.

if pull off the internet plug, how do you search for the Decrypt site?

Can ransomeware attack zip files or is there any solition to be protected thanks

I have .bbzz

What if decryptor is not available....?

I'm in trouble. Ransomware Attack in my PC I want help can you please Help me now? Gtys and Egfg Extension at all files.

.You can message SCOTTS_HACK

.You can message SCOTTS_HACK

.You can message SCOTTS_HACK

I can't delete my encrypted files

My system was attacked several days ago. Watched this video and then visited ID-Ransomware and uploaded a sample encrypted file and it immediately identified the type of ransomware I am dealing with (DcRat/Lime). It says it's decryptable. Great! So then it says to click for more info. and takes me to a random Twitter thread from years ago and says to leave a message for someone and link them an uploaded sample encrypted file. I did this and have heard nothing back :( It's frustrating to learn that there is hope for my files but then basically to be taken to a dead end by this website. I don't think this is an active Twitter thread anymore because no one has commented on it for years. I had hoped that the "more information" it's going to provide me with some useful tool or decryption program or something but now I'm just at a dead end.

🆙 Everyone take a look at this contact 🆙 on WhatsApp for your removal of viruses affecting your documents he was the one that helped me decrypt mine

🆙 Everyone take a look at this contact 🆙 on WhatsApp for your removal of viruses affecting your documents he was the one that helped me decrypt mine