We are all at risk from the many different types of malicious software out there and not being proactive about your online security can cost you time, money, data and a great deal of stress. That's why we advocate learning as much as you can about common threats, whilst also taking steps to protect yourself. In this instance we are going to be looking at a type of malware called ransomware so that if you should come across this very unpleasant attacker, you will hopefully be better prepared to deal with it.
What is help_recover_instructions+... ransomware?
The name has probably given the game away already – no prizes for guessing that ransomware is something that has been created to kidnap your files and data and then encrypt them so that you are not able to access them. Once your files have been subjected to this form of lock down you will then, in good old time honored fashion, receive a ransom note from your data's kidnapper. It's usually a text file for example help_recover_instructions+gtr.txt but it can also be a PNG file or a pop-up message on your computer screen.
This will, naturally, tell you that if you ever want to see your files again, you will need to pay a sum of money. The way this works, is in theory, by the kidnapper sending you a code which you can use to decrypt your data once they have received your payment. However – and it is a big however – I don't recommend that you pay a penny.
Why you shouldn't pay the ransom
There are a number of reasons, but probably the biggest one, for you personally at least, is that there is absolutely no guarantee that you'll receive the decryption code in return for your payment. These are sophisticated cyber criminals we are dealing with here after all – honesty is probably not in their company mission statement!
In addition to this, by capitulating to their demands, you are only reinforcing the fact that their business model is a nice little money spinner. The more people pay, the more they will keep targeting innocent users like you and me.
It can be tempting to give in especially as a lot of ransomware adds to the stress you are already feeling by either pretending that the help recover instructions+... ransom note has been sent by a law enforcement agency, such as the FBI or CIA, or they'll tell you that the decryption code won't work after a certain point in time and your files will be lost for good.
What should I do if I've been infected?
It's easy to say, but try not to panic. And whatever you do, don't pay the ransom unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can remove try to restore your files (at least some of them) using Shadow Explorer, Recuva and some other specialized tools listed below. Please note that even of you decide to pay the ransom there's really no guarantee that cyber crooks will recover your files. If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.
Written by Michael Kaur, http://deletemalware.blogspot.com
Step 1: Removing help_recover_instructions+... and related malware:
Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.
1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.
2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.
That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.
Step 2: Restoring files encrypted by help_recover_instructions virus:
Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.
Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.
Method 3: Using the Shadow Volume Copies:
1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.
2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.
3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.
Hopefully, this will help you to restore all encrypted files or at least some of them.