While any malware is unwelcome and must be avoided at all costs, stealthy attacks such as the NOBAD ransomware can be so concerning that the user might not even know where to start.
This ransomware is capable of making a stealthy entry into your system or network and takeover your files and encrypt them.
Before you even realize you are under an attack, all your documents will be under the control of the hacker from some unknown location.
You will only be left with staring at a message which very politely informs you that you cannot access any of your files on your computer, as they have all been encrypted. If you wish to repossess them, then you need to make a ransom payment.
The hacker would then try and convince you that you are dealing with the right person by sending a sample decrypting tool, using which you can open one or two files.
The difficult part would be the demand to make the payment in cryptocurrency. But the worst-case scenario is if you do end up making the payment, but there is no response from the hacker to decrypt your files.
However, you can remove the NOBAD ransomware from your computer as below.
Applying the Safe Mode and Networking Solutions
- The first step is to reboot your system using the Safe Mode. To do this, first press the Restart button.
- As the rebooting process starts, you will have to press the F8 key several times.
- This will take you to the Advanced Booting Options screen.
- On that, choose the Safe Mode with Networking option.
- If your computer is running on Windows 10 or Windows 8, this will have to be done in a slightly different manner. You must hold the Shift key while clicking on the Restart button. This will bring up a screen with four choices, out of which you have to choose the one which says Troubleshoot → Advanced options → Startup Settings. Now click on Restart.
- From the resultant page, choose the “Enable Safe Mode with Networking” option.
- Now it will start the computer. Go to your browser and download a good anti-spyware program and run it. Order a full system scan which will detect the NOBAD ransomware and isolate it.
This process should be able to remove the NOBAD ransomware from your computer. However, there are times when the ransomware can block your move to restart in the Safe Mode with Networking route. Read on to get around this situation.
Disable NOBAD Via System Restore
In this process, again you will need to reach the rebooting screen following the steps described. If you’re using Windows 7/Vista/XP: Restart → press F8 several times → Advanced Boot Options.
On Windows 8/Windows 10: Power → Shift key+Restart → Troubleshoot and Advanced Options to reach Startup Settings
- Under Startup Settings, choose Enable Safe Mode with Command Prompt.
- On the Command Prompt window, type “cd restore” and then click “Enter.”
- This will open another line below and the cursor will blink; type “rstrui.exe”
- This will open the System Restore window; click on the Next button.
- On the next window, it will prompt a possible date for restoring your system; if the date is okay with you, just click Next again.
- There will be a confirmation window next which will ask you to choose Yes to the System Restore; click on Yes.
- Now, once the System Restore is complete and the computer is ready, you can go back to having a complete scan done on your system through an anti-spyware program to remove the NOBAD ransomware.
How to Recover the Lost Data?
So far, its fine that you could succeed in removing the NOBAD ransomware; but what happens to your important files which the hacker has locked up through encryption?
For this, you will have to seek the help of data recovery tools available in the market. Search for the ideal program that helps with the recovery of encrypted files.
These are tools employed by law enforcement agencies while trying to solve serious criminal offences or investigating leads where they raid premises and find computers and hard disks containing important information in encrypted formats.
The solution software will decrypt the files and restore them to the original formats you had saved them in before the ransomware locked it up.
Some experts suggest using the previous versions of the formats to recover encrypted files. This is feasible only when the System Restore has been activated before the ransomware attack took place.
Some Key Points to Note
If you don’t use your computer regularly or had left it unused for some time and the NOBAD ransomware had made considerable progress before you found out, then irrespective of the best efforts you make as described above, you may be left with some damage to your computer.
This may not happen in every case but it is still important to know. The other factor is that the process itself may take several hours before you are able to start working on your system as before.
The third issue to keep in view is that some of these steps—such as going through the changes through the reboot or command prompt sequences—can be risky if you are not thoroughly familiar with it.
If you consider yourself an amateur, it is advisable to seek the help of an expert before embarking on these sequences to recover your data and to eliminate the NOBAD ransomware.
Prevention Better Than Cure
That might sound like a cliché, but that is the reality. Why join the thousands who fail to protect their computers and then suffer and look for solutions? Be fully prepared.
Make a small investment in buying and installing the best anti-malware/spyware program after doing a due diligence exercise.
Ensure the program is working properly; have a thorough scan done periodically. Keep all software updated and install a VPN to further protect your system from hackers.