
10 Ways To Remove Ransomware

Ransomware is currently the biggest dog in town. Lately, millions of computer users have been affected by some strain of ransomware. Most of them lost their important files because they did not know how to remove the virus and recover their files.

Paying a ransom to buy decryption tools is always an option, but not a good one. Many victims thought they could negotiate with hackers and restore their data. This decision later came back to bite them, in most cases sooner rather than later. They forgot that the golden rule of fighting a bully is to stand up to them.

If you pay money to attackers who stole your files and blackmailed you, they will certainly cheat you. Paying has only encouraged cybercriminals, and ransomware has now become a billion-dollar industry. In this article, I am going to share 10 ways to remove ransomware effectively from an infected PC.

We are not going to talk about any specific malware group or strain here. They all look different on the surface, but at the core they are quite similar. Removing data-locker malware is a delicate process. It is not easy to get rid of file-encrypting malware, but it can be done.

What Is Ransomware?

Ransomware is a type of malware that encrypts files on the infected PC and then blackmails users into paying a ransom for decryption software. It would not be wise to discuss the origin and evolution of ransomware here. That would make this article enormously long and would not serve its primary goal, which is to learn how to remove ransom viruses from computers.

Note: If you want to know more about the infection then refer to this Wikipedia page.

If you checked that article, you will already understand this threat well. If you didn’t, know this: the very first ransom-demanding virus attack was documented in 1989. After significant growth, the total number of ransomware attacks reported in 2021 was 623 million.

When ransomware attacks your computer, it encrypts your data, such as images, documents, videos, music, databases, and backups, and renders it useless until a decryption tool is used to decode it. A ransom note is also placed on the computer in HTML or text format. Some ransomware threats also change the desktop wallpaper.

Attackers demand a huge sum of money as ransom from victims, mostly paid in Bitcoin or some other cryptocurrency. Hackers try to convince users that the only way to regain access to their files is by buying the decryption software. However, most victims don’t receive the decoder even after paying the ransom.

How does Ransomware infect your Computer?

Ransomware threats are mostly distributed online, like any other malware. Cybercriminals use various tricks to spread their creations fast and target more users at once. They always look to create a chain reaction to make a huge profit. You should always be careful while surfing the Internet or downloading free stuff online because nothing is free in this world.

Spam email campaigns are one of the most used and most successful ways of spreading malware online. Cybercriminals often use automated software to send fake emails containing malicious attachments and links in bulk. These emails normally look as if they come from a company or service provider, but they are sent by hackers. Always check the sender’s address before opening any mail, scan all attachments for viruses, and do not click on suspicious links.

Software bundling is another frequently used malware distribution technique. If you are downloading free programs or software from the Internet then check them for viruses first. Hackers often embed their malicious files and malware installers into freeware programs. Also, choose the custom installation method to avoid the installation of any harmful attachments.

Free file hosting and sharing sites are often used to spread malicious files and threats. Avoid p2p file sharing, do not look for pirated software, illegal game patches, or fake software updates. They are the primary source of malware these days. Most of the users get lured by the promise of free stuff and then end up getting nasty ransomware on their computers.

Can I Remove Ransomware?

Yes, it is very much possible to remove ransomware from your computer. That is the purpose of this whole article: to teach you how to get rid of a file-encrypting virus. Thank you for your patience and for reading all the way down here. In this post, I am going to share 10 methods that can help you delete file-encrypting malware completely from your system.

But know this: it is not an easy task to remove such a threat from your computer. You cannot just go to the Control Panel, uninstall the program, and be done with it. This is going to be a much more difficult and delicate task because you also need to restore your data.

Some might ask why not just format the computer or reinstall Windows. This will remove the virus from your system, but you will never be able to recover your files. Recovering encrypted files is hard, but recovering them from a formatted hard drive is impossible. So do not make that mistake unless you have no regard for your files.

10 Ways To Remove Ransomware

1: Isolate the infected device

As soon as you get a hint that your computer is infected by a ransom virus, isolate the device immediately. Remove it from the wired or wireless network ASAP to protect your other devices such as mobiles, tablets, and laptops. After that, disconnect all removable devices such as external hard drives and USB drives, and even cloud storage. Later, check each of them separately for infection to make sure they are safe.

2: Identify the Ransomware

Before trying your tools you need to make sure you are using the right ones. You have to find out what kind of ransomware you are dealing with. There are lots of ransom virus strains that can be decrypted via free decryption tools (courtesy of various cyber security sites). So you should find what malware group has attacked your PC and if there is an easy solution for that.

There are some online tools that can help you with that:

After identification, you can check for free ransomware decryption tools online. The No More Ransom website has a huge collection of decryption tools. If you found a free decryptor for your ransom virus, just download the Automatic Ransomware Removal Tool and then decrypt your files. You need to remove the virus from your PC to stop further encryption of data. If you cannot find a free decryptor, move on to the next step.

3: Start PC in safe mode with networking

Safe mode is an important feature provided by Microsoft for fixing bugs and virus-related issues. In this mode, your computer starts with a limited set of functions, only those vital to basic operation. This prevents viruses from doing any further damage to your computer.

  • Press Windows Key + R buttons together on the keyboard.
  • Type msconfig in the Run Box then click the OK button.
  • When the System Configuration window appears, click on the Boot tab.
  • Choose Safe boot, select the Network option, click Apply, and press the OK button.


4: Kill Malicious Process From Task Manager

When a virus gets on your system it normally works in the background. Your computer will start working very slowly as it uses most of your system resources. So you will need to find that malicious program and close it.

  • Press Windows Key + R buttons together on the keyboard.
  • Type taskmgr in Run Box and then click the OK button.
  • Find any ransomware-related or otherwise malicious process.
  • Now right-click on it then click End process.


5: Remove malicious IP addresses from the Hosts File

  • Press Windows Key + R buttons together on the keyboard.
  • Type C:\Windows\System32\drivers\etc in Run Box and then click the OK button.
  • Now open the hosts file with Notepad.
  • Look for any suspicious IP addresses that might be related to the ransom virus.
  • Delete all the malicious IP addresses and save the hosts file.
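
The same review can be done from PowerShell. This is an added example, not part of the original article: the function name `Get-HostsEntry` and the sample entries are constructed for illustration, and the script only reads the file. A freshly installed Windows hosts file contains only comment lines, so every row it prints deserves a look before you edit the file in Notepad.

```powershell
# Added example: list active hosts-file mappings for review. Read-only; deletes nothing.
function Get-HostsEntry {
    param([string[]]$Line)
    $n = 0
    foreach ($raw in $Line) {
        $n++
        # Keep only the part before any '#' comment; skip blank or comment-only lines.
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        $addr = $null
        if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$addr)) {
            $kind = 'malformed line'
        } elseif ([System.Net.IPAddress]::IsLoopback($addr) -or
                  $addr.Equals([System.Net.IPAddress]::Any) -or
                  $addr.Equals([System.Net.IPAddress]::IPv6Any)) {
            $kind = 'points at this PC (loopback or null address)'
        } else {
            $kind = 'points at another machine'
        }
        [pscustomobject]@{
            LineNumber = $n
            Address    = $fields[0]
            HostNames  = ($fields | Select-Object -Skip 1) -join ', '
            Kind       = $kind
        }
    }
}

# Constructed sample (reserved .test names, documentation IP range), not from a real infection.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#   127.0.0.1   localhost',
    '127.0.0.1     update.antivirus-vendor.test   # appended entry',
    '203.0.113.7   www.bank.test login.bank.test'
)
Get-HostsEntry -Line $sample | Format-Table -AutoSize

# On the affected PC, review the real file the same way.
if ($env:SystemRoot) {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-HostsEntry -Line (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
}
```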


6: Remove Virus related Windows Registry entries

  • Press Windows Key + R buttons together on the keyboard.
  • Type regedit in Run Box and then click the OK button.
  • Registry Editor will open; press the CTRL + F keys together.
  • Now type the name of the ransom virus and click on the Find Next button.
  • Find all the related entries and delete them one by one.
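
Before deleting anything in Registry Editor, it helps to see what is set to start automatically. This is an added example, not part of the original article: it assumes the standard Windows Run and RunOnce autorun keys are a sensible first place to look (the article does not name specific keys), and the function names and the `-NamePattern` parameter are hypothetical. It only reads the registry.

```powershell
# Added example: list autorun values from the Run/RunOnce keys. Read-only.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders writable without administrator rights; the same ones step 7 inspects.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) |
    Where-Object { $_ }

function Test-UserWritableCommand {
    param([string]$Command)
    # Expand %VAR% references so '%APPDATA%\x.exe' is compared as a full path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $userWritable) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Get-AutorunEntry {
    # NamePattern is a wildcard, e.g. '*<ransomware name>*' (placeholder, fill in your own).
    param([string]$NamePattern = '*')
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            if ($name -notlike $NamePattern -and $command -notlike $NamePattern) { continue }
            [pscustomobject]@{
                Key               = $key
                Name              = $name
                Command           = $command
                InUserWritableDir = Test-UserWritableCommand $command
            }
        }
    }
}

# Constructed command line, to show what the flag means.
Test-UserWritableCommand '"%APPDATA%\updater\svc.exe" /silent'

# Entries launching from user-writable folders are listed first for review.
Get-AutorunEntry | Sort-Object InUserWritableDir -Descending | Format-List
```

Legitimate software also starts from these folders, so treat the flag as a reason to look at an entry, not as proof that it is malicious.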


7: Delete Ransomware related files from your PC

When a threat gets onto a PC, it most likely creates files at different locations on the system. These files are used to perform specific actions and also help the malware get back onto the computer once it has been removed. So you need to find and delete all the files associated with the ransomware. Carefully follow the instructions below:

  • Press Windows Key + R buttons together on the keyboard
  • Type each of the following in Run Box and press the OK button
  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

For the first four options, look for any recent folder related to the virus and remove them. For the Temp folder, you can delete all the files.
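
To narrow down which folders are "recent" in the first four locations, the listing below sorts them by creation time. This is an added example, not part of the original article: the function name `Get-RecentFolder`, the 7-day window and the list of file extensions are assumptions chosen for illustration, and the script only reads the disk.

```powershell
# Added example: list recently created folders under the step 7 locations. Read-only.
function Get-RecentFolder {
    param(
        [string[]]$Root,
        [int]$Days = 7      # look-back window (assumption); widen it to cover the infection date
    )
    $since = (Get-Date).AddDays(-$Days)
    # Extensions treated as runnable content (assumption, not an exhaustive list).
    $exts  = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'
    foreach ($r in $Root) {
        if (-not $r -or -not (Test-Path -LiteralPath $r)) { continue }
        $dirs = Get-ChildItem -LiteralPath $r -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $since }
        foreach ($dir in $dirs) {
            # Count runnable files inside the folder; two levels deep is enough for triage.
            $runnable = @(Get-ChildItem -LiteralPath $dir.FullName -File -Recurse -Depth 2 `
                    -Force -ErrorAction SilentlyContinue |
                Where-Object { $exts -contains $_.Extension.ToLowerInvariant() })
            [pscustomobject]@{
                Created       = $dir.CreationTime
                Folder        = $dir.FullName
                RunnableFiles = $runnable.Count
                NewestFile    = ($runnable | Sort-Object LastWriteTime |
                                 Select-Object -Last 1).Name
            }
        }
    }
}

# %Temp% is left out because the article clears that folder entirely.
$roots = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WinDir
Get-RecentFolder -Root $roots -Days 7 |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```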

8: Remove Ransomware via system restore

  • Press Windows Key + R buttons together on the keyboard.
  • Type cmd in Run Box and then click the OK button.
  • Type cd restore and press Enter, then type rstrui.exe and press Enter.
  • When the System Restore window opens on your computer screen click the Next button, then choose a System Restore point you have created in the past and click the Next button.
  • Finally, click on the Yes button to start the system restoration process.


9: Automatic Ransomware Removal Guide

If none of the above manual removal methods worked for you, it’s time for the big guns. Ransomware is a notorious and cunning malware that can keep coming back on the infected computer. Removing all its associated files at once is absolutely necessary. So the best way to remove a ransom virus effectively is to use a powerful Automatic Removal Tool and save your time and effort.

SpyHunter 5 Anti-malware is best suited for this kind of problem. It can easily detect hidden threats such as Trojans, ransomware, worms, spyware, rootkits, etc. It provides 24x7 customer support and one-on-one Spyware HelpDesk support for custom malware removal. Its Advanced System Guard feature can detect and remove threats in real time.

How SpyHunter 5 Anti-Malware Works

  • First, you need to click on the below download button to get the software.

  • Then double-click on the installer you downloaded to install the program.


  • Launch the Anti-Malware application and click on Start Scan Now button.


  • The software will scan your PC for all hidden threats and viruses on your system.


  • Click on the Next button to see results and delete Ransomware and other threats.


10: Recover Ransomware Encrypted Files

Now that you have removed the virus from your computer, it is time for file recovery. If you are here at the final method, you must not have found a free decryptor for your ransomware. So you are left with alternative methods to restore your files.

File recovery can be as easy as eating a doughnut if you have a backup of your files. But in case you don’t have a backup or your backup files are also encrypted then it could be quite hectic. In most cases, it is really hard to break the encryption without decryption software.

We recommend that you use powerful data recovery software to recover your data. It is a risk-free and smart way. You can just download the free version of data recovery software and scan your PC for files. There is a high probability that it can recover most of your files for a fraction of the amount that hackers are demanding. Needless to say, paying hackers will only motivate them to carry out more attacks.

  • First, you need to download Data Recovery software on your PC.


  • Install the program, launch it then select the Data type to recover, and click the Next button.


  • Select the location from where you want to recover data and click the Scan button.


  • After the scan, the software will list all files, select them and click the Recover button.


Conclusion

Ransomware is one of the most notorious threats out there. You need to be more careful to protect your computer and your files these days. You never know when your computer will get infected by a ransom virus and you will lose all your data. So keep a backup of all your important files on external storage such as hard drives, USB drives, or cloud drives. Use a powerful anti-malware program to protect your computer from future threats.

About the author

Robert Calvert

Robert is the Chief Security Expert and Founder of the PCSafetyGeek.com website. He is a cybersecurity enthusiast who loves to research malware outbreaks and write about their remedies. He also likes to spend time trying new software, reviewing it and sharing IT news. However, he is a real coffee lover and likes to play chess in his spare time (which is quite rare 😜).
