What is Ransomware?

“Ransomware” is a term used to describe a number of computer viruses designed to hold valuable data hostage. These viruses are also sometimes called “cryptotrojans” or “ransom trojans.” Once a ransomware virus infects a system, it attempts to infect the entire network which a computer is connected to, and then encrypts all of the data it can, making the system unusable.

Once it has encrypted all the data it can, the virus will then display a ransom demand containing an email address or contact information of the attackers. Attackers may threaten that the ransom will double, or the data will be lost forever if payment is not made quickly.

If this happens to you, stay calm and don’t panic. We recommend calling experts to solve the problem as quickly as possible.


By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video

How do I know if my system is infected by ransomware?

  • There are a number of symptoms of ransomware infection.
  • A message saying that your data is encrypted and demanding a ransom.
  • The names of your files or file extensions suddenly change.
  • Your desktop wallpaper disappears.
  • Your CPU is running at 100% although you are not running any programs.
  • Your computer is unusually slow.
  • Your virus protection software is deactivated and won’t start.

These are some of the most well known encryption trojans. There are many different types of ransomware viruses, so the best response often depends on which version you are dealing with.

  • GandCrab
  • REvil
  • Locky
  • WannaCry
  • PCLock
  • Maktub
  • TeslaCrypt
  • Cerber
  • DMA Locker
  • Coverton
  • CTB Locker
  • KeRanger
  • LeChiffre
  • Shade
  • Rannoh
  • Marsjoke
  • QNPCrypt
  • Ryuk
  • FBIRansomWare
  • WanaCryptor
  • CrySiS
  • Odin
  • CryptoWall
  • TorrentLocker
  • Goldeneye Ransomware
  • Thor
  • CryptoLocker
  • Zepto
  • CoinVault
  • Wildfire
  • Chimera
  • Rakhni

What should I do if I get hit by ransomware?

Stay calm, and immediately shut down your computer normally. Do not shut down by hitting the power button or unplugging the computer, as this can damage your data. If the ransomware is still in the process of encrypting your data, suddenly powering off the computer can lead to permanent data loss.

Next, disconnect the network and ethernet cables immediately and disconnect any WLAN or Bluetooth connections. This will prevent the virus from spreading further over your network. Also remove all external data storage devices like external hard drives and USB sticks, and disconnect connections to online cloud storage services like Google Drive or Dropbox.

A more detailed guide to ransomware response is available here.

Do not try to remove the ransomware trojan. Many variants of ransomware have anti-virus detection. Trying to remove the virus may result in permanent data loss.

We do not recommend trying to pay the ransom on your own. There are a number of things that can go wrong. In our experience, letting experts handle ransomware response will save you time and money overall.

The BeforeCrypt team are established and trusted IT professionals. We have years of experience in ransomware removal and recovery, and in most cases we can recover 100% of your data. Reach out to us today for a free consultation.

BeforeCrypt - Experience from over 1,000 successful ransomware recoveries

We specialize in helping ransomware victims recover as quickly as possible and protect themselves from getting hit again.

The founder of BeforeCrypt, Janos Konetschni, has over 15 years of experience with IT services and cybersecurity. Together with his team, he offers very specialized expertise in cyber attacks. In the past several years, we have helped hundreds of businesses and private clients smoothly and securely recover from ransomware attacks.

  • Comprehensive knowledge and experience in the field of ransomware and data recovery.
  • A personal contact person supports you in every step of the data recovery process.
  • Data protection and privacy. We take the protection of your data very seriously and respect our clients privacy.
  • Experience from over 1,000 successful ransomware data recoveries
  • 24/7 Emergency service. Our team is available 24 hours a day. In emergencies, recovery can begin immediately.
  • Remove Ransomware & Recover Data – We remove all viruses and decrypt your data.

Keep calm! Contact us, we can help you!

Cryptowall - Ransomware Recovery
DMA - Ransomware Recovery
Locky - Ransomware Recovery
Carber Ransomware Recovery
Maktub - Ransomware Recovery
padcrypt - Ransomware Recovery