ransomware victim2016 has turned out to be the year that cybercrime upped its game. Between an uptick in phishing of all kinds, a rise in scams targeting millennials and the domination of ransomware threats, experts are struggling to keep pace with the bad guys. By security company Symantec’s estimate, instances of ransomware increased by 300% from 1,000 attacks per day in 2015 to about 4,000 attacks daily since Jan. 1 of this year. While ransomware targets both individuals and organizations, the focus has largely been aimed toward enterprise scale attacks, affecting hospitals, offices and even schools. Still, the threat of an individual becoming a victim is just as real, and it’s important to be aware of your options should that happen. What can you do if you become a ransomware victim? Keep reading to find out.

How do you know if you’re infected?

First, it’s important to understand what ransomware is, which you can read about in this blog post. Similar to viruses, there are dozens of ransomware variants. Unlike viruses, which may wreak havoc on your computer in the background without you realizing it, ransomware wants to make its presence known. Some variants don’t encrypt files, but rather prevent you from accessing them (sometimes referred to as “screenlockers”) and others actually encrypt your files, and threaten you with deletion if you don’t give in to their demands. Despite these differences, what they all have in common is that they will suddenly freeze your device while displaying a note from a hacker. Furthermore, any attempts to reboot your device will simply take you back to this screen. Some ransomware might attempt to fool users by pretending to be affiliated with tech companies or law enforcement, while others don’t bother trying to hide the intent of the scammer. It may take you by surprise, but in general, you will know you’ve been hit by ransomware when it pops up to announce itself.

What to do if you’re a ransomware victim

If you find yourself falling victim to ransomware, there are a handful of things you can do to gain access to your computer or files.

1. Disconnect and don’t panic! Ransomware is alarming, but you should do your best to remain calm when confronted with it. No matter what the note says, remember that you’re never going to be faced with the government, law enforcement or a security company locking up your computer in demand of payment. The first thing you should do if you are a victim of ransomware is to disconnect your infected device from the Internet and any other devices in your home. This can help prevent any potential spread of the infection to your other devices.

2. Try to avoid paying the ransom. While paying comes down to personal choice, keep in mind it’s not a true solution. Even if you can take the cybercriminal at their word, and they hand you back your files, paying once does not mean you’re off the hook should you become a ransomware victim again. You could become the target of new scammers or even the same one, as was the case for Kansas Heart Hospital in Wichita. The best long-term strategy for beating ransomware is to never pay and making sure to back up your files, either through a backup service or manually with an external hard drive. Refusing to pay might result in a total loss of your data, but the alternative is giving in to thieves.

3. Do your research. In most cases, because hackers want money, ransom notes are pretty transparent. You’ll likely be given an email address and the name of the ransomware used to target your machine. If there’s no name given for the ransomware, there’s the possibility that it could just be a bluff. This is why it’s a good idea to try and do some research using Google or another search engine to try and identify the name of the ransomware, as it’ll help inform you of the best course of action. If you can’t spot an obvious name for your ransomware, as a last resort, any text in the ransom note can be Googled to aid you in determining which you’re dealing with.

4. Remove the ransomware from your device. Once you have a better understanding of what type of ransomware you’re dealing with, you have a couple of options: try some troubleshooting yourself or bring your device to an expert. If you’re comfortable working “under the hood” on your computer, you can try rebooting in safe mode to run security software scans and/or utilize Windows System Restore or OS X Recovery to try and return your computer back to its pre-ransomware state (Windows 10 users must manually turn this feature on). Keep in mind, many hackers know about system restore options for both PCs and Macs, and more aggressive ransomware immediately disables these functions. Still, against less aggressive ransomware, this feature can be a great way to return your system back to normal. If you’re dealing with ransomware on a mobile device, there may be similar things you can try.

Sites like No More Ransom, managed by a coalition of law enforcement and IT professionals, are leading the way in the fight against ransomware by building a databases of decryptors, which individuals can use to remove and/or decrypt ransomware infecting their systems from home. While not every strain of ransomware has an available decryptor, it’s worth taking a look if you’re comfortable trying to decrypt your ransomware at home. Ultimately, it may be in your best interest to take your computer or device to a professional no matter what so you can be 100% sure that the infection has been completely removed.

5. Contact law enforcement. Ransomware hackers are criminals, and what they’re doing is a crime, so you can and should contact law enforcement to report if you are a ransomware victim. You might consider contacting your local law enforcement agency, but your best bet is probably going to be the closest FBI office to your area. If you’ve paid the ransom, there’s probably little chance you’ll get your money back, but giving as much information as possible to the FBI can help toward apprehending the cybercriminals responsible for the attack.

6. Outsmart the bad guys by using your backups. This advice is touted most commonly as the best solution because it is. With a backup and a simple reinstallation of your operating system, any hackers will be out of your hair. As a bonus, your system will likely run faster after a fresh reinstallation too, but if you don’t backup your files frequently, you won’t have this option. If managing your own backups manually seems too difficult, consider using an online backup service, which automates the backup process to ensure you’ve got copies of your most important files safely stored on a secure, external server. Just remember to make sure you don’t perform any restorations that might reinfect your system – if you can’t identify where the ransomware came from, it might be a good idea to restore from an older backup to be on the safe side.

Consider investing in Internet security software for your devices so that when the time comes, you’re ready to take down malware. For more information about malware, including ransomware, you can read our Internet security software blog, which is filled with tips to keep you safe while you browse the Internet.