Fast Response, Quality Service, 24/7 Technical Support

Data Recovery

If your data becomes inaccessible, a data recovery service becomes an option.

IT Support Brisbane Man

How to Recover Data from the Encryption Virus

Data Recovery– by CRT

If you are reading this blog about on how to recover data from the encryption virus and you are non IT, then please get in touch with us or your IT Support provider as it is important to take the correct steps to recover your information. If you take incorrect steps you could cause irrecoverable damage to your files.

Get in touch with CRT!

Get in Touch
With Us

What to look for

CRT Data Recovery

Our managed services IT Support prices are competitive. If you would like a quote or would like to meet us, please drop us a line on 1300 760 339 and we will be more than happy to talk with you.

We are experts in data recovery, server support, network support and supporting workstations.

We are familiar with a wide range of softwares to do with various industries such as Accounting, Legal Firms, Medical IT and general business.

Data Recovery– by CRT​

To begin it is important to know how the encryption virus works. I have seen a few different versions of this encryption virus, some are more aggressive than others. If you have a server and workstation environment and the workstation is the PC that gets the encryption virus, the encryption virus immediately starts to encrypt all the files, word documents, pdf files, txt documents, pictures, spreadsheets, etc. It encrypts any of these files locally first as well as it takes a look to see which network drives are mapped to this particular machine. That is the process that is followed generally with an encryption virus. The more aggressive encryption virus that I have seen will actually scan the entire network for any machines that have got an open network share, so the network drive doesn’t even need to be mapped to that machine it will still get encrypted.


CRT - Data Recovery

When it is done encrypting all the files it would then create a document in each folder describing their way of retrieving your data, and their way of retrieving your encrypted data is to pay them a fee and then they will decrypt all your files. I don’t know about you but I do not feel right in enabling these guys by paying them a fee. I would rather recover my data without paying any fee even if it means paying IT Support to recover my data. Now, if you do not have a backup of that PC on an external drive that is not connected at the time of getting the encryption virus, then you do not have a recovery option on that machine. However, there are some other opportunities to recover files if you have the following scenario.

If you are using a client server environment, and the PC that contracted the encryption virus is a workstation, and you want to recover the files on the server, then you can then go to the server and you can right click the data folder. If you get the option to restore previous versions, you can then restore a previous version of that folder. This scenario is only available if you have shadow copies turn on your server. I do suggest that if it ís not turned on that you to turn it on now, just in case you get an encryption virus in the future because it is a handy tool for recovery.

The best defence against the encryption virus is to have a reliable backup solution in place and this backup solution needs to consist of external drives that get rotated so that at any given time one of your backup drives are not connected. The way when you do get the encryption virus you always have an offsite backup to restore from.

A Little bit about CRT

Cloud Backup Solution

The other option is to use our Cloud Backup solution which sends an offsite backup into the cloud and you can recover any version of the encrypted files or folders.

If you got the encryption virus on a PC and there is no server involved and there are no backups to restore from, you cannot right click the folder to restore shadow copies, although we try this every time in the hope that we can. This is because one of the first steps the encryption virus takes is to delete the shadow copies so that you cannot use the simplest step for recovery.

I haven’t tried this next step but I do think this may be an option. You can purchase the software called Get Data Back, which is a data recovery tool to recover deleted files. The reason why I say this might be an option is because I have seen the encryption virus actually encrypt the file and make a new file and then it deletes the source. So this is may be an option.


CRT - Cloud Backup

If you need any help recovering your files from an encryption virus we would love to give you assistance. Please get in touch with anyone from our office at 1300 760 339. Thank you.


CRT – The most Trusted IT Support provider

Data Integrity

CRT ensures your backups are secure and integral by performing routine test restores of your data.

Server Monitoring

CRT provides 24/7 around the clock monitoring of your server keeping systems secure and efficient.

CRT Firewall

CRT will monitor your firewall always ensuring your systems are kept safe and secure.


CRT will ensure that there are no bottlenecks on your network hindering speed and efficiency of your medical programs.


CRT have a managed enterprise grade Anti Virus that will protect your PC’S , SERVER’S and Network from attacks from the outside world.


CRT follows strict processes to comply with accreditation standards. We can help you achieve accreditation for your practice.

Network IT Policy

CRT will ensure that there are no bottlenecks on your network hindering speed and efficiency of your medical programs.

Help desk

CRT maintains a high level of availability to trained staff that are always ready to take your call.

Medical IT

We provide Medical IT Support to multiple Medical Practices throughout Australia.