Deal with ransomware
Locked out of your PC or files? We have the tools and tips to get your data back.
Ransomware may not be the threat it once was – these days, businesses are more frequently targeted than consumers – but that’s not to say you’re immune. If you needed reminding, ransomware is a form of malware that encrypts all or part of your drive before hackers demand a ransom to provide you with the decryption key required to get it back again.
Most forms of ransomware target your data rather than locking you out of your entire PC. For those that do, check your security software’s website for a rescue disc. Ransomware that targets your files is trickier to remove – typically you’ll need to use a rescue disc or boot into Safe mode with networking to remove the underlying infection before you can look at recovering your files.
Recover encrypted files
If you have a recent backup, you’ll hopefully find your unencrypted files are all safely housed here, ready for you to restore. You may lose some recent work, but that’s all. That said, if your backup location is within reach of the ransomware, it may have been breached too – this is particularly true of network drives where you’ve saved the network credentials in Windows itself.
If your data is synced to the cloud, then it’s likely the encrypted files have been uploaded, but if you’re lucky your cloud provider should have file versioning enabled, allowing you to attempt to roll back to the last unencrypted backup. Instructions vary depending on your cloud provider, but taking OneDrive as an example, log into your account at https://onedrive.live. com/ and navigate to each file you want to restore. Select it and click ‘Version history’ to access all available versions to preview (where supported) and download an older version.
Sadly, you’ll have to do this for each individual file you need to recover if you’re relying on free storage, but if you’ve an Office 365 subscription you should receive a warning that lots of files have been changed or deleted and given the opportunity to roll back to earlier,
pre-infected versions. If the feature doesn’t appear automatically, click the OneDrive settings button and choose Options, then select ‘Restore your OneDrive’. After verifying your identity, you’ll be able to quickly roll back a set amount of time from the drop-down menu or choose ‘Custom date and time’ to review changes on a timeline and pinpoint the best moment to roll back to.
If you’ve no backup, or you’re looking for a quicker fix, then you’ll need to see if there’s a decryption tool for the specific ransomware infection. Your security tool has hopefully identified the ransomware type, so visit www.nomoreransom.org/en/decryptiontools.html for a comprehensive list of types, tools from reputable antivirus vendors and a guide to using them.
Be careful that you’ve got the right tool, otherwise you risk scrambling the files beyond any attempt at recovery – thankfully, some vendors like Trend Micro’s Ransomware File Decryptor tool combine all its known ransomware decryption tools inside a single program. Although you’re asked to select the ransomware type, there’s a handy ‘I don’t know the ransomware name’ link – click this and you’ll be prompted to select one of your infected files. The app with then analyse it to reveal what ransomware is behind it (and more importantly help you restore your files).
Proactive protection
Check to see if your current security tool offers protection against ransomware. Most free tools – including Microsoft Security – have measures to block known ransomware, but if you want to go further and take proactive measures, you’ll need third-party software.
Most paid-for apps offer additional protections – for example, Bitdefender 2020 ( www.bitdefender.com) offers several tools, including a Ransomware Remediation tool that’s designed to block ransomware by first blocking applications exhibiting suspicious behaviour before backing up targeted files before they can be encrypted; these are then restored if necessary. Bitdefender also offers a related tool called Safe Files. To see how it works to block unknown applications from accessing (and potentially encrypting) your files, check out the step-by-step guide below.
If your budget is tight, then free add-on protection is available too. Kaspersky
Free Anti-Ransomware ( www.kaspersky. com/anti-ransomware-tool) monitors for suspicious activity that might be symptomatic of a ransomware attack, blocking suspicious apps until you can review them (trusted apps can then be whitelisted via Manage Apps on the main menu). It’ll also protect network shares if it detects a remote machine’s attempt to encrypt its contents. You can safely install it alongside existing anti-malware tools.