Recover from ransomware – the smart way
There are different kinds of ransomware. Some lock your computer until you pay, while others are more clever and subtle, allowing you to continue to use your computer but encrypting certain files and forcing you to pay to decrypt them or lose them forever.
In this guide we’ll refer to the first type of threat, which locks down the whole system, as ‘locking ransomware’ and to threats that encrypt individual files as ‘encrypting ransomware’. There is another, less tricky type of ransomware that tries to scare victims into paying but which does not lock the system or encrypt files. Any regular anti-malware product, such as BullGuard Internet Security, will be able to remove this nuisance.
Ransomware can be a particularly nasty problem and many of the solutions provided below require a degree of foresight. For example, you may need to invest in some backup system or at least prepare a few basic tools such as a Windows System Repair Disc. Armed with these, and a good anti-malware product, you will be in good shape to face the ransomware threat.
Removing locking ransomware
If you have a locking ransomware infection then running anti-malware tools is not usually easy because you can’t run any applications! The answer is often to use Windows System Restore. If you are using a version of Windows that is earlier than Windows 10, reboot the computer and press the F8 key. If you are using Windows 10 you’ll need to insert your original installation media or a System Repair Disc that you generated before you experienced problems.
Once you see the Advanced Boot Options choose ‘Repair Your Computer’. You should now see a list of options including System Restore. Click this link to begin a process whereby system files are restored and, we hope, the bad software is removed. Your own files will be left intact.
If this fails then you can use an offline scanner to attempt to fix the problem. You can download these from your anti-malware company’s website for free. They allow you to boot your PC from a disc or USB drive and run an anti-malware scan even though Windows is not working. You might still need to resort to System Restore afterwards to make the system stable.
Removing encrypting ransomware
Most decent anti-malware products should be able to remove encrypting ransomware. This type of threat does not rely on being hard to remove – its aim is to make your files unavailable until you pay up. Run an anti-malware scan and ensure that you keep your anti-malware software updated to avoid future infections.
Your PC might be clean but your files are no longer available to you. How can you recover from this disaster? The easiest option is to look for previous versions of files that you’ve stored elsewhere. If you’ve emailed documents or photos then your email program or online account may still have copies. Old USB sticks and drives can be lifesavers when you discover important documents, albeit slightly out of date, intact. You might even find some valuable files on your phone, tablet and other devices.
Cloud file storage is very popular and your files could be surviving on Dropbox, Google Drive and other services. Some of these, including Dropbox, store previous versions of files for 30 days. If you move fast you might be able to recover your data by downloading these older versions.
Nothing beats a proper backup, though, so choose a system as quickly as possible and look for one that supports previous file versions. An online backup system that gives you previous versions, such as the one that comes as standard with BullGuard Internet Security, will defeat the lasting effects of encrypting ransomware.
If you are reading this because your files are locked and you have made no preparation for such an eventuality then most of the advice above will probably be irritating to read, rather than helpful. You want your files and they are gone. What can you do?
It’s a bit of a long shot but some of your data might still be on your hard disk, even though the files do not appear to be there. This is because Windows doesn’t really delete files; instead it marks them as disposable and hides them from you when you open Explorer and other applications. In many cases the actual data can sit on the disk for days without being damaged.
To access this data-in-limbo you’ll need a recovery tool such as PhotoRec. This is available for Windows but also comes included on the Knoppix live Linux boot disk. Use another computer to download the software from Knoppix.net and burn it to a CD or create a bootable USB drive. You can then boot your normal PC using this system and attempt to recover deleted files.
Choosing a backup system
Ultimately the real answer to every type of ransomware is to back up your files. When you choose a backup system consider first whether or not your internet connection will handle all of your data. If you have an upload limit bear this in mind before you subscribe to an unlimited backup service.
Even if you have no upload restrictions you may be surprised how long it takes to get online backup running smoothly. When you first install it the process can take weeks before all of your files are copied online. After that things should be easy, as only new and newly-changed files are uploaded.
If your online backup client allows you to schedule uploads, consider restricting this process to overnight when you’re less likely to compete for bandwidth. If you leave your PC running all day when you’re at work this is less of an issue.
When choosing a service pay attention to those that allow you to restrict the types of data that will be saved. Do you really need to back up large video files or your archive of downloaded music? If you can recover the data another way consider excluding it from your backup to save time and money.
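To show why a backup that keeps previous versions defeats encrypting ransomware, and how copying only changed files and excluding file types fit into the same process, here is an added example that is not part of the original guide or of any backup product. The folder names, the excluded extensions and the function names are assumptions, and the store is assumed to sit somewhere the infected PC cannot overwrite.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumption: large media you can get back another way is skipped.
EXCLUDED = {".mp4", ".mkv", ".mp3"}

def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def backup(source: Path, store: Path) -> list:
    """Copy new or changed files into store; earlier versions are never overwritten."""
    saved = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        if src.suffix.lower() in EXCLUDED:
            continue
        rel = src.relative_to(source)
        vdir = store / rel                    # one directory per backed-up file
        versions = sorted(vdir.glob("*")) if vdir.is_dir() else []
        h = digest(src)
        if versions and versions[-1].name.endswith(h):
            continue                          # unchanged since the last run
        vdir.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, vdir / f"{len(versions):06d}_{h}")
        saved.append(rel.as_posix())
    return saved

def restore(store: Path, rel: str, version: int, dest: Path) -> None:
    """Copy one stored version (0 = oldest) back out of the store."""
    shutil.copy2(sorted((store / rel).glob("*"))[version], dest)

def demo() -> dict:
    """Constructed scenario: a document is backed up, then overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        home, store = Path(tmp, "home"), Path(tmp, "store")
        home.mkdir()
        (home / "report.txt").write_bytes(b"quarterly figures")
        (home / "holiday.mp4").write_bytes(b"\x00" * 1024)
        first = backup(home, store)
        idle = backup(home, store)            # nothing changed, nothing copied
        # Stand-in for encrypting ransomware: the contents are replaced.
        (home / "report.txt").write_bytes(b"\x8f\x02\xd1 unreadable")
        second = backup(home, store)          # kept alongside version 0
        restore(store, "report.txt", 0, home / "report.txt")
        return {"first": first, "idle": idle, "second": second,
                "versions": len(list((store / "report.txt").glob("*"))),
                "restored": (home / "report.txt").read_bytes()}
```

The second backup run does pick up the unreadable file, which is why a system that keeps only the latest copy would leave you with nothing usable; here the original survives as version 0.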
This is an independent guide from the Alphr editorial team. This content was produced to the same impartial standards as the main content on our site but paid for by BullGuard.