Encrypting ransomware (Cryptolocker, CTB Locker/Critroni, Cryptowall, etc.) is a very difficult infection to remediate because it uses the RSA public-key encryption algorithm to encrypt user files with a unique key pair for each computer. Once a user's files are encrypted this way, it is next to impossible to decrypt them without access to the private key, which is held on remote servers controlled by the malware author(s). No tool currently exists that can decrypt these files without the private key.

Should I pay the ransom?
It may be tempting, but no: paying rewards criminal activity, and extortion is an ugly crime. From our research, we know that days or weeks can pass between making a payment and receiving the key. You may not get the key at all, or the key may not properly decrypt your files.

Can I brute-force the encrypted files?
The files are typically encrypted with RSA-2048 or stronger keys, so you will not be able to brute-force them open.

What can I do to protect myself and/or my organization?
Please see the Webroot Malware Prevention Guide, which discusses the topic in detail. Our top 5 suggestions are:
  • Use reputable and proven endpoint security
  • Back up your data
  • Educate users
  • Patch and keep software up to date
  • Filter EXEs in email
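As an added illustration of the "Filter EXEs in email" suggestion (example code written for this page, not Webroot's own tooling or anything from the prevention guide), the script below inspects a constructed sample message and flags attachments that carry an executable extension, including double-extension lures such as invoice.pdf.exe, or that begin with the Windows PE "MZ" header regardless of their filename. The extension list is an assumption, not a complete one.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions Windows runs directly when opened; extend to taste.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".wsf", ".hta"}
# Every Windows PE file (EXE/DLL/SCR) starts with these two magic bytes.
PE_MAGIC = b"MZ"


def attachment_verdicts(raw_message: bytes):
    """Return [(filename, reason)] for every attachment that should be blocked.

    Two checks: the *last* extension of the name (so 'invoice.pdf.exe' is caught)
    and the file header (so an .exe renamed to .docx is still caught)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = re.search(r"\.[^.]+$", name.lower())
        if ext and ext.group(0) in EXECUTABLE_EXTENSIONS:
            verdicts.append((name, "executable extension " + ext.group(0)))
        elif payload.startswith(PE_MAGIC):
            verdicts.append((name, "PE header despite extension"))
    return verdicts


def build_sample() -> bytes:
    """Constructed test message: one double-extension lure, one renamed PE, one clean PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"not really a pdf", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="report.docx")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for filename, reason in attachment_verdicts(build_sample()):
        print(f"BLOCK {filename}: {reason}")
```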

How does Webroot manage Ransomware/Crypto-Ransomware?
Webroot has built up a strong reputation for stopping crypto-ransomware and Webroot was the first antivirus and antimalware vendor to move completely away from the standard signature-based file detection method. By harnessing the power of cloud computing, Webroot replaced traditional reactive antivirus with a proactive real-time endpoint monitoring and threat intelligence approach, defending each endpoint individually while gathering, analyzing, and propagating threat data collectively.

This predictive infection prevention model enables Webroot solutions to accurately categorize existing, modified, and brand new executable files and processes at the point of execution and determine whether they are known good, known bad, or undetermined. Using this approach, Webroot rapidly identifies and blocks many more infections than the traditional antivirus signature approach, and we are highly proficient at detecting and stopping crypto-ransomware.

Of course, you need protection that covers multiple threat vectors. For instance: email links that lead to phishing sites (which is why real-time anti-phishing protection is key), web browser protection to stop browser-borne threats, and web reputation to stop users from accessing risky sites that might only occasionally be unsafe. A regular backup schedule, patching, and user education are all essential elements of a defense-in-depth approach.

Do you offer 100% protection? What is your anti-crypto efficacy rate?
We often get asked the 'elephant in the room' question: "Which endpoint security solution will offer 100% prevention and protection from crypto-ransomware?" The blunt answer is none. Even the best endpoint security (which we pride ourselves on constantly innovating and striving towards) will be highly effective most of the time. At other times, a cybercriminal will have tested and found a way to circumvent our or other vendors' endpoint security defenses, and their attack will succeed.

Why have I gotten infected?
Webroot's Threat Research Team regularly discovers new threats and updated versions of older threats. We strive to provide the most up-to-date security protection to our customers as soon as possible, but please be aware that new spyware, viruses, trojans and worms can emerge daily, even hourly. These threats often have randomly generated filenames, folder names, hashes, registry hives and keys, and can use rootkit techniques to hide themselves from antivirus detection and from the Windows operating system.

Malware can be bundled with free or shareware programs, so always be sure to read and understand the EULA before installing a program. Another common way that malware is delivered is P2P file sharing clients such as Kazaa. Codecs required to play free movies or music that you downloaded from the Internet can also infect your system when you install them. Websites with hijacked frames or ads can silently drop malware onto your computer when you visit a site, sometimes without even clicking a link. Other compromised sites may launch what appear to be legitimate popups, which begin downloading malware to your computer if you click within their windows.

Even when you take all possible precautions, your computer cannot be 100% invulnerable to attack. Try to think of security software as a flu shot and computer viruses as the common flu. Getting a flu shot does not guarantee that you will not get sick, especially if a new strain emerges, but the shot does decrease your chances. For such cases, we provide free phone and ticket-guided malware removal assistance.

To manually remove a threat with Webroot SecureAnywhere software, open the program and click Scan Now. SecureAnywhere will then run a scan and show you what threats, if any, it detected. Follow the on-screen prompts for removal of the infection. Once complete, follow our Post-Infection Checklist to assist in securing your endpoints, users, and credentials. If Webroot SecureAnywhere is unable to remove the threat, open a ticket.

All Contents Copyright© 2024