PSA: No More Ransom

PSA: No More Ransom: Just a quick public service announcement. If your PC has been infected with Ransomware and you don’t have a full system image backup, then you may be thinking of paying the ransom to get your files back. Before you do this, check out this website:

Click to open a new tab to this website

Of course, you’ll need to visit it from an uninfected computer, and download a set of possible keys you could use to decrypt your hard drive. No guarantees, but it’s definitely worth a shot to try before you give up. The site was put together by a consortium of:

  1. The European Cybercrime Center (EC3)
  2. Politie (German language)
  3. Kaspersky Lab
  4. Intel Security

These are serious players in the fight against cybercrime. What they’ve done is hacked the hackers, and collected a large quantity of encryption keys that are used by ransomware bad actors. Ransomware is constantly morphing and variants are spinning off and being sold on the ‘darknet’, so it’s no sure thing that you’ll be saved. How it works is this:

  1. You upload two encrypted files from your infected computer (you can put them on a thumbdrive and then upload them from another computer)
  2. You provide information from the ransom note displayed on the infected computer
  3. The “Crypto Sherriff” checks those files against the database of keys and lets you know if there’s a match


Of course, your best bet is to avoid infection, and to have a good backup of your computer. For Microsoft Windows PCs, I have a handy guide for backing up your computer in this article: Old School Backup. Your goal is to have a System Image of your computer on an external hard drive, a Windows System Repair Disk, and a recent backup of your personal data files (either using Windows built-in Backup or File History, or a manual copy of your personal folders to the external hard drive). With those items in hand, even if your computer is infected and encrypted, you can restore the system image and your personal files quickly. Leaving no trace of the infection since you’re completely overwriting the hard drive with the backed up system image.

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to (no Paypal account required)
(using any credit card)

or by mailing a check/cash to LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.