Solved – How to Recover Files After a Ransomware Attack

Posted on |Computer, Internet, Software, Tech|| 0

Ransomware is the most common danger that may strike you online nowadays. Cybercriminals infect and extort money from schools, businesses, police departments, hospitals and home users. Hackers’ spam campaigns contain millions of malicious messages spread all over the world in just one day.

At this very moment, someone is clicking on a wrong link or opening an infected email attachment. In a few seconds, all of their files are going to be encrypted. Unless they have got a backup (most people do not have backups), these ransomware victims will have only a couple of days to pay the ransom. Otherwise, their data files will be gone forever.


No matter what ransomware type hit you, possessing a reliable backup is the most optimal situation.

You should not appear powerless if suddenly all of your files get encrypted. There are a lot of useful tips that you can follow to minimize or fully dwarf the impact of a ransomware attack. Here is what you should do.

Step 1
In case your PC is part of a local network, disconnect it. You should switch off both the local and the Internet connection. Make sure to turn off the Bluetooth and Wi-Fi too.

Step 2
Boot your computer in Safe Mode and scan it with your antivirus software. Remove the infection once your antivirus finds it.

Step 3
Make a copy of all of your infected files. It’s good to copy the entire disc drive to a USB flash drive. That data may be useful for analyses and decryption routines. No matter if you’re planning to buy the decryption key from hackers or use a free tool created by cybersecurity experts, it’s good to have several sets of files just in case something goes wrong during the decryption process. If your decryption efforts fail and the first file set will be gone forever, you’ll be able to try again with your another backup.

Step 4
Check and see if your system has a recent restore point. Try to roll back to the previous point.

Step 5
For people with fresh backups, things are not so bad. Format all of your letter drives and reinstall Windows. Recover your backed up files after that.

Step 6
If there is no backup, try recovery software programs such as Stellar Phoenix, Trash, Data Recovery Window, Recuva, File Allocation Table etc.

Step 7
One more wise move is to check if the previous file versions are available. Employ the Shadow Volume Copies feature.

Step 8
Try Shadow Explorer tool, instructions are here.

Step 9
If getting your files back on your own is impossible, do not give up. Try to identify what exactly variant of ransomware hit you.

Step 10
Once you know what ransomware hit your system, try finding a suitable decryptor.

Step 11
In case you are still in trouble, visit the dedicated online community. Add your case to the corresponding ransomware discussion threat. You will receive the best advice there. In case decryption is not an option at the moment, you will be updated once it becomes available.

Step 12
You shouldn’t consider paying the ransom, It’s hard to advise people not to pay if you’re not in their shoes but these payments only motivate hackers to spread more ransomware viruses. The only way to stop this criminal business is to cut the money flows.

Step 13
Upon having decrypted the files and eliminated the ransomware, use the Ransom Note Cleaner to erase all the Ransomware Notes and other junk left by the virus.

Step 14
Lastly, it’s important to report on your ransomware problem to a nearby cybercrime unit, police or the FBI.

Kirat Author

Leave a Reply

Required fields are marked *