If your computer has had a virus before, you know the frustration of trying to open your files, only to find that they’re inaccessible. There is nothing worse; especially when you’re relying on your computer to manage or run a business. With ransomware, a nasty virus that encrypts your files and refuses to provide an unlock key until you pay for it, there is a slim chance you will ever be able to retrieve your data unless you pay a hefty ransom. We’ve outlined a few methods for easy computer data recovery so that you can retrieve your ransomware virus encrypted files without complying with malware demands.
Recovering files
If your files have been encrypted, decrypting them is impossible without the encryption key. You can get the encryption key to unlock your files by paying the ransom, but this will mean funding cyber criminals. Here are some steps to save as much of your data as possible after a ransomware attack in three steps:
Step 1: Run a scan to completely remove any trace of the cryptovirus, plus clear your browser cache or spam emails that may have caused the infections. You can use tools such as Hitman Pro and combofix, or another dedicated crypto-kill tool to do this. Be prepared to turn off Internet connectivity if you have been compromised. This will prevent malware on your computer from communicating to a remote system that could cause more disruption.
Step 2: Install a security tool that detects the corrupted files and then creates a list of the the data affected by the malware. This will give you an idea of which files you need to restore and how many you’re dealing with. Keep in mind, this method needs to be performed as quickly as possible before the ransomware virus completely erases your data.
Step 3: Decide if you want to restore the files you can, or if you’d rather pay the ransom to get your encryption key. Paying the ransom is not advised, as this means funding cybercriminals, but is an option if retrieving your data is urgent. If you want the encryption key, pay the ransom before you try to remove the virus. Once the ransom is paid, you can use Malwarebytes to remove the malware. On the other hand, if you want to restore your files without paying the ransom, follow the rest of the steps below.
Step 4: Do a system restore of your files using Shadow copies.This may allow you to restore previous file versions by right-clicking on a file and choosing Properties, then selecting the Previous Versions tab. As long as the cryptovirus hasn’t deleted these copies, this should reveal all of your previous file versions so you can decide to restore the most recent. This may not recover all of your recent changes, but it’s something. Be sure to choose a version prior to the Ransomware virus, or you’ll copy it with the new file.
If you’d like to restore multiple files at a time, follow this file recovery tutorial.
There are also a few preventative measures you can take so you don’t find yourself scrambling to get your files back.
A site called FoolishIT hosts a program called cryptoprevent which is not a bad tool for home computers, but of course it is less than 100% effective at preventing cryptovirus infections.
The most foolproof way to prevent this type of data loss is to install a cloud based data backup software that will automatically and continuously backup the data on your computer or network of computers and drives. One of the leading companies that can ensure the safety of your files is Nordic Backup. By installing a backup software you can restore your files from anywhere, at anytime so you never have to put your business on hold. This is especially essential in data recovery if the virus causes serious damage and corrupts your files beyond retrieval.
Nobody likes to have their data under attack. Viruses can corrupt your files and lead to data loss, but if you are prepared to fight back, and take the right precautions for next time, then these methods can help you recover your infected data. If you have any questions about how to keep your data safe and recoverable, contact Nordic Backup today!