Tackling infections on PCs, laptops, etc.

Some malware makes such far-reaching changes to the operating system of a desktop computer or laptop that it cannot be repaired even with very advanced security solutions. The best method of tackling infections in such cases is to reformat the system drive and restore system image files that have been backed up in advance.

In the event of a ransomware infection, the data and, where applicable, application programs are reconstructed from backups. In many scenarios, this method is less laborious and easier to perform than a full installation. It is also considerably more secure than any attempt to remove the malware.

However, this BSI-recommended method of tackling infections does rely on having up-to-date backups available — both of your operating system and of all data and programs. The BSI therefore strongly advises you to create regular backups. Up-to-date backups are not only an effective way of safeguarding against the rampant blackmail attempts that come with ransomware attacks, they also prevent data being lost should your hardware have a defect.

Ten steps to tackle infections

  1. If you suspect your computer has been infected with malware, you should finish your work quickly, but in the usual way. Above all: do not panic!
  2. Turn your computer off.
  3. If you're not an expert, it's best to get professional advice. Tackling malware can be a very tricky and technically challenging undertaking. It's best to use a 'rescue solution', which many anti-virus software providers make available as a free download. These types of solution are often offered as 'ISO files', which are designed to be downloaded onto another computer that is free of infection, before being burned to a CD or saved to a USB stick. You then have a clean boot medium that you can use to start your computer without having to use the infected operating system.
  4. Once you have inserted the CD or USB stick, turn your computer on again and, just after it has started and while it is booting up, call up its firmware (known as the UEFI or BIOS). In the firmware, select the BOOT menu item and set either the CD drive or the USB port — depending on which storage medium you used to save your rescue solution — to the first position in the boot sequence. If you now exit the BIOS or UEFI settings via the EXIT-SAVE option, the computer loads the operating system not from the potentially infected hard disk, but from the clean CD drive or the USB stick.
  5. Back up any important data if you have not already done so. Most rescue solutions come with a tool for this.
  6. Scan the PC or laptop using the rescue solution's scanning function.
  7. If the scan identifies a malicious program, now select the option in the rescue solution to remove the detected malware. If this does not work automatically, you may find a malware database on the manufacturer's website, which will give you step-by-step instructions on what to do in your specific case.
  8. Scan all storage media, including the system hard disk, once again to make sure all trace of the malware really has been removed. If it has, shut down your computer, restart it, then set your system hard disk back to the first boot position as described in step 4.
  9. If the malware has deleted, encrypted or modified data or programs, you can reconstruct them from backups (if you have them).
  10. Finally, you should now try to get to the bottom of where the malware infection came from. If a genuine storage medium is the only possible source, please inform the manufacturer and the BSI immediately. Or if the malware got into your system via a file or an e-mail, you should check whether you know the creator of the file or sender of the e-mail and, if you do, notify them of the situation. If you yourself have sent or forwarded data from an infected computer in the meantime, make all the recipients aware of what has happened.