How to recover from Ransomware Attacks
Ransomware attacks are common now, hitting everywhere and everyone. Don’t panic if you are hit by an attack; there are several ways you can recover your data to an extent.
1. Find out which Ransomware you have.
a) If you can still access your folders, files and Desktop once you get past the ransom note screen, it must be screen-locking ransomware. The note will refer to government authorities and say that you have been caught looking at porn, or that you need to pay some fine, etc. It is more of a prank. This kind is not so bad: you can easily ignore it and report it to the concerned departments.
b) If you can browse directories and applications but cannot open important data such as Office files, emails, etc., then you have the worst kind of attack: encrypting ransomware.
c) There is also a chance that the encryption is fake and only meant to scare you into paying. Go through all directories and confirm. Close the web browser immediately.
2. Never Pay Ransom.
Most security experts, as well as Microsoft itself, advise against paying any ransoms. There’s no guarantee you’ll get your files back if you pay and paying just encourages more ransomware attacks.
However, when you need to recover legal, medical or business records, precious family photos or other important files, paying $300 or so looks like a viable option — and most ransomware criminals do unlock the files after ransoms have been paid. So, we’d rather stay neutral on the subject of whether paying ransoms is advisable or morally acceptable.
How to deal with encrypting ransomware
Because encrypting ransomware is the most common and most harmful kind, we’ll deal with that first. Perform each of these steps in order, even if you know you’ve recently backed up your files. Stop when you’ve succeeded in recovering your files.
- Disconnect your machine from any others, and from any external drives. If you’re on a network, go offline. You don’t want the ransomware to spread to other devices on your local network or to file-syncing services such as Dropbox.
- Use a smartphone or a camera to take a photograph of the ransom note presented on your screen. If you can take a screenshot, do so as well. You’ll want to file a police report later, after you go through all these steps.
- Use antivirus or anti-malware software to clean the ransomware from the machine, but only do so if you are determined not to pay the ransom. (Otherwise, wait until you’ve recovered your files.) You may have to reboot into Safe Mode by pressing the power button and the S key on the keyboard at the same time.
Removing the ransomware will not decrypt your files, and it may kill your chances of getting the files back by paying the ransom. But it will let you carry out all of the following steps without the risk that the ransomware will encrypt new files or try to thwart the recovery process.
Use Emsisoft Anti-Malware or Bitdefender Cloud Security.
- See if you can recover deleted files. Many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals. Fortunately, you can often recover deleted files easily with tools such as the free Shadow Explorer or the paid Data Recovery.
- See if there are decryption tools available. If you already know the name of the ransomware strain, cruise over to the list of decryption tools at the Emsisoft decrypter website and see if there’s a matching decryptor.
- Restore your files from a backup. If you regularly back up the affected machine, you should be able to restore the files from the backup. However, you’ll want to make sure the backup files weren’t encrypted too. Plug a backup drive into another machine, or log in to Acronis Cyber Cloud, to check on the status of the files. (You should also make sure you have the installation media and/or license keys for all third-party applications.) If all is good, you’ll want to fully wipe the drive, do a clean installation of the operating system and then restore the files from the backup. You could also just restore the files from the backup drive without wiping and reinstalling the OS. This might seem like less trouble, but it’s not a good idea — you might leave some trace of the ransomware on the machine, even after performing a full antivirus scan.
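A read-only way to do the checks described in step 1c and in the backup step above, as an added example that is not part of the original article: it flags files whose leading bytes no longer match their extension, or whose content looks like random data. The signature table, the 7.5 entropy cutoff and the sample file names are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

MAGIC = {  # well-known leading signatures for a few document types
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
}

def entropy(data):
    """Shannon entropy in bits per byte; close to 8.0 for encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536):
    """Read-only check of one file: 'ok', 'suspect' or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = Path(path).suffix.lower()
    if ext in MAGIC:
        return "ok" if head.startswith(MAGIC[ext]) else "suspect"
    # No signature on record: fall back to entropy (7.5 is an assumed cutoff).
    return "suspect" if entropy(head) > 7.5 else "unknown"

def scan(root):
    """Walk root without modifying anything; map relative path to verdict."""
    verdicts = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            try:
                verdict = classify(path)
            except OSError:  # unreadable file: report it, keep scanning
                verdict = "unknown"
            verdicts[str(path.relative_to(root))] = verdict
    return verdicts

def demo():
    """Constructed sample tree: two intact files, two overwritten with noise."""
    samples = {"report.pdf": b"%PDF-1.7\n" + b"text " * 200,
               "notes.txt": b"meeting at ten\n" * 100,
               "budget.xlsx": os.urandom(4096), "photo.jpg.locked": os.urandom(4096)}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Compressed or media formats missing from the table also have high entropy, so treat `suspect` as a prompt to open the file by hand, not as a verdict.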
If these methods don’t work, you’ll have to make a choice: pay the ransom or give up the files.
- If you’re going to pay the ransom, negotiate first. Many ransomware notes have instructions on how to contact the criminals running the malware. If so, contact them and haggle for a lower ransom. It works more often than you’d think. Once you agree on a set price, follow the instructions for paying. There’s no guarantee that your files will actually be freed, but the more sophisticated ransomware criminals usually do live up to their word.
- Give up on the files and reinstall the operating system. If you’d rather just cut bait, then you should do a full wipe and reinstallation of the operating system. Windows 10 lets you factory reset many devices, but with other operating systems, you’ll have to use installation disks or USB sticks.
- File a police report. This sounds pointless, but it’s a necessary legal step if you want to file an insurance claim or a lawsuit related to your infection. It will also help authorities keep track of infection rates and spreads.
At Dataguard, we help customers build a ransomware-proof infrastructure. We fight against ransomware using Bitdefender Cloud Security, Vircom ModusCloud, Acronis Cyber Cloud and Emsisoft Decrypter.
Talk to us : firstname.lastname@example.org