Install a protection solution

Kaspersky applications with latest databases will block an attack and prevent an infection. Latest versions of Kaspersky products feature the System Watcher component, which automatically creates backup copies of files if a suspicious program tries to access them.

Regularly back up your files to the cloud or an external drive

To protect your files, create backup copies and store them in a cloud storage or a removable drive.

Install updates

Keep your operating system, software and other applications up-to-date. Updates contain fixes and improvements that make applications and the system more secure and stable.  

Also, regularly update databases of your protection solution.
With obsolete databases, the protection software will not be able to detect new threats.

Do not open attachments in emails from unknown senders

Ransomware often spreads via email attachments. Cybercriminals aim to persuade you to open the attachment, which is why they title the emails as though they contained important information such as a court order, notice of intended prosecution, late fee notice or something similar. Always check the sender’s address before opening emails or attachments.

Use strong passwords for Windows accounts if connecting through Remote Desktop.

We recommend that you use strong passwords to protect your personal data and your accounts from being hacked. Use the Remote Desktop feature from within your home or corporate network. For more information about the remote desktop feature, see the Microsoft support site. For tips on creating a strong password, see this article.

Create system restore points and backup copies of your files. This will allow you to restore the operating system to the uninfected state and restore files in case of infection or system malfunction.

For more information about backup and restore features, see Microsoft support site.

For better protection of your computer, enable the System Watcher component. It blocks malicious activity, detects and removes banners, reverts actions of malicious applications and creates backup copies of files when a malicious application tries to access them. For instructions on setting up the component, see these articles:

• Kaspersky Internet Security
• Kaspersky Total Security
• Kaspersky Anti-Virus
• Kaspersky Security Cloud
• Kaspersky Endpoint Security for Windows

Try to restore the files

You can restore files using default Windows tools. See the instructions on the Microsoft support website. 

Disable the automatic deletion of detected malicious files

If you have a Kaspersky application installed, open Settings and clear the Perform recommended actions automatically checkbox.

We do not recommend that you remove infected files from quarantine as they can contain keys for decryption.

Send suspicious files for analysis

Send a request to Kaspersky technical support via My Kaspersky. Attach an encrypted file or email message to your request.  For instructions on how to use My Kaspersky, see the Online Help page.

Kaspersky engineers do not guarantee they will decrypt the corrupted files.

• APPDATA

Windows NT/2000/XP — Drive:\Documents and Settings\%UserName%\Application Data\%USERPROFILE%\Local Settings\Application Data

Windows Vista/7/8/10 — Drive:\Users\%UserName%\AppData\Roaming\%USERPROFILE%\AppData\Local 

• TEMP (temporary catalog)

%TEMP%\xxxxxxx.tmp\, where x stands for a-z characters or 0-9 numerals
%TEMP%\xxxxxxx.tmp\xx\, where x stands for a-z characters or 0-9 numerals
%TEMP%\xxxxxxx\, where x stands for a-z characters or 0-9 numerals
%WINDIR%\Temp

• Internet Explorer temporary files folder

Windows NT/2000/XP — %USERPROFILE%\Local Settings\Temporary Internet Files\ 

Windows Vista/7/8/10 — %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\content.ie5\xxxxxxxx, where x stands for a-z characters or 0-9 numerals

• Desktop

%UserProfile%\Desktop\

Disk:\Recycler\             
Disk:\$Recycle.Bin\  
Disk:\$Recycle.Bin\s-1-5-21-??????????-??????????-??????????-1000  (where ? stands for 0-9 numerals)

%WinDir%                                                      
%SystemRoot%\system32\

%USERPROFILE%\My Documents\
%USERPROFILE%\My Documents\Downloads

%USERPROFILE%\Downloads  

%USERPROFILE%\Start Menu\Programs\Startup