How to protect yourself from ransomware infections?
Suspect and/or irrelevant emails should not be opened, especially ones received from unknown/suspicious senders. Any attachments or links present in dubious mail - must not be opened, as doing so can result in a serious system infection. It is advised to only use official and trustworthy download channels. It is just as important to activate/update products with tools or functions provided by legitimate developers. Illegal activation ("cracking") tools and third-party updaters must not be used, as they commonly spread malware. To protect device and user safety, it is crucial to have a reputable anti-virus/anti-spyware software installed and kept up-to-date. This type of program has to be used to run regular system scans and to remove detected/potential threats. If your computer is already infected with Phantom, we recommend running a scan with [removed] to automatically eliminate this ransomware.
Are you having any problems with ransomware infections?
Have you come up with any methods to remove ransomware?
Isolating the infected device:
Some ransomware-type infections are designed to encrypt files within external storage devices, infect them, and even spread throughout the entire local network. For this reason, it is very important to isolate the infected device (computer) as soon as possible.
Step 1: Disconnect from the internet.
The easiest way to disconnect a computer from the internet is to unplug the Ethernet cable from the motherboard, however, some devices are connected via a wireless network and for some users (especially those who are not particularly tech-savvy), disconnecting cables may seem troublesome. Therefore, you can also disconnect the system manually via Control Panel:
Navigate to the "Control Panel", click the search bar in the upper-right corner of the screen, enter "Network and Sharing Center" and select search result:
Click the "Change adapter settings" option in the upper-left corner of the window:
Right-click on each connection point and select "Disable". Once disabled, the system will no longer be connected to the internet. To re-enable the connection points, simply right-click again and select "Enable".
Step 2: Unplug all storage devices.
As mentioned above, ransomware might encrypt data and infiltrate all storage devices that are connected to the computer. For this reason, all external storage devices (flash drives, portable hard drives, etc.) should be disconnected immediately, however, we strongly advise you to eject each device before disconnecting to prevent data corruption:
Navigate to "My Computer", right-click on each connected device and select "Eject":
Step 3: Log-out of cloud storage accounts.
Some ransomware-type might be able to hijack software that handles data stored within " [removed] ". Therefore, the data could be corrupted/encrypted. For this reason, you should log-out of all cloud storage accounts within browsers and other related software. You should also consider temporarily uninstalling the cloud-management software until the infection is completely removed.
Identify the ransomware infection:
To properly handle an infection, one must first identify it. Some ransomware infections use ransom-demand messages as an introduction (see the WALDO ransomware text file below).