Ransomware and Data Recovery

Ransomware is a type of malware that locks machines or encrypts files on computers, demanding a ransom to give the user access to their data again. Try not to panic or make rash decisions – and follow these tips.

The term ransomware is a blanket descriptor of multiple types of malware, each with varying levels of severity, but all with the end goal of making the victim of the attack pay up. There are broadly three main types of ransomware: encryption ransomware, lock screen ransomware, and master boot record (MBR) ransomware. Encryption ransomware encrypts all or some of the files on a storage device so the information cannot be accessed without first being decrypted. In order to receive the decryption key and the ability to access their data again, the victim of an encryption ransomware attack must pay a fee. Examples of encryption ransomware include the well-known CryptoLocker program, along with CryptoWall and Locky. Lock screen ransomware pretty much does what it says on the tin – it locks the system so the data stored within can’t be accessed without paying a specified amount. Winlocker is perhaps the most famous lock screen ransomware program. Master boot record (MBR) ransomware is a variation of lock screen ransomware that renders the user’s operating system unbootable by overwriting the affected machine’s MBR. The Petya ransomware that hit the NHS a few years back is probably the best-known example of MBR ransomware.

If you are affected by a ransomware attack, it’s vital that you don’t pay the ransom. For a start, there’s no guarantee that you’ll actually see the decryption key delivered to you, meaning you’ll have wasted what’s likely to be hundreds of pounds. In the grand scheme of things though, paying cybercriminals only encourages further developments in ransomware; the best way to halt this is to discourage hackers from thinking this is a viable way of making money. So, if you shouldn’t pay to get your data back, how do you go about doing so?

Your first option to recover your data should be to restore a backup or use your operating system’s system recovery service. Depending on how advanced the ransomware is, there’s a decent possibility you’ll simply be able to restore your machine back to a previous moment in time, along with your files. If this isn’t possible, and you have a backup of your data, the best course of action might be to restore your machine back to its factory settings, and then restore your data from the backup. Some ransomware can affect local backups to, so it’s vital that you have an up-to-date backup that isn’t always connected to your computer. If you have been the victim of a lock screen ransomware and are unable to boot into your operating system, you should be able to remove your hard drive or solid-state drive from the affected machine and connect it to another one. Using a program like AntiWinLocker, you should be able to gain access to your files and folders without having to type in your Windows login and password. Finally, there are programs like DecryptCryptoLocker that will be able to decrypt your files and allow them to be accessed again. Try putting the ransomware that has affected your data into a search engine to see if there are any such programs out there.

If you’ve been affected by ransomware or any other type of malware, and aren’t able to recover your data – our virus recovery team might be able to help. Data Recovery Specialists have years of experience recovering data from drives that have suffered ransomware attacks – get in touch now for a free diagnosis and no-obligation quote.

Virus Recovery