Data Recovery following a Ransomware Attack

Ransomware is an ever-growing threat – but if you’re the victim of one, how likely is it that your data can be recovered?

Data recovery following a ransomware attack is certainly possible, and there are a number of routes you can take, However, the chances of your data being accessible again depends on a number of variables that we will discuss in this post.

What is ransomware?
Ransomware is malicious software that infects and spreads through a system, encrypting files it can find, rendering them inaccessible without a unique decryption key. In order to access the decryption key, the unsuspecting victim must pay a ransom. Depending who the target is – cybercriminals can target anyone from a home user to a multinational corporation – the ransom could range from a few hundred to several million pounds, For businesses, there has been a trend for attackers to also threaten to leak sensitive information in a bid to ramp up the pressure.

Prevention is better than cure
With ransomware, prevention is better than cure, and it’s vital that you have a robust data protection strategy in place so that should you fall victim to an attack, you’ll have a solid ransomware data recovery strategy. This is more applicable to businesses, but home users can benefit from adopting such a strategy, too.

First, you should keep everything backed up, as restoring from a backup, as we’ll discuss later, is the best ransomware data recovery method. Make sure your backups are as protected as your main systems, and store at least one copy offline or ideally, offsite. Storing a backup offsite will allow you recover your data in the event of other problems like fires or floods. Second, create an inventory of your data, and categorise it so you can store certain data in certain places. For example, there might be somewhere specifically for customer records and other regulated data. Third, identify your endpoints and identify the possible routes that a cybercriminal could take to infect your system.

Data recovery options following a ransomware attack
Should you be unfortunate enough to be the victim of a ransomware attack, there are several ransomware data recovery methods you can turn to. The first and most obvious one is to restore from your latest backup. Remember to eliminate the ransomware before you restore from your backup first, by resetting your system or computer back to its factory settings. You may also be able to use Windows System Restore, a tool built into Windows which enables you to roll back to a certain point in time when needed. If there is a particular file that you need, it might also be worth trying Windows File Versions. If you right-click on the file you want and select properties, there will be a tab named Previous Versions. There will be a list of restore points to choose from, similar to Windows System Restore.

Another option is to use a ransomware decryption tool, effectively what those responsible for the ransomware attack are trying to get you to buy. However, this is dependent on the type of ransomware you get infected with; for newer, advanced forms of encryption, data recovery via a decryption tool won’t be a viable route. The No More Ransomware project offers free decryption tools for dozens of ransomware, making data recovery quick and easy.

