Fast Response, Quality Service, 24/7 Technical Support

How to Recover Data from the Encryption Virus

If you are reading this blog about how to recover data from the encryption virus and you are non-IT, then please get in touch with us or your IT Support provider as it is important to take the correct steps to recover your information. If you take incorrect steps you could cause irrecoverable damage to your files.

Restoring Your Encrypted Data

To begin, it is important to know how the encryption virus works. I have seen a few different versions of this encryption virus, some are more aggressive than others. If you have a server and workstation environment and the workstation is the PC that gets the encryption virus, the encryption virus immediately starts to encrypt all the files, word documents, pdf files, txt documents, pictures, spreadsheets, etc.

It encrypts any of these files locally first as well as it takes a look to see which network drives are mapped to this particular machine. That is the process that is followed generally with an encryption virus. The more aggressive encryption virus that I have seen will actually scan the entire network for any machines that have got an open network share, so the network drive doesn’t even need to be mapped to that machine it will still get encrypted.

When it is done encrypting all the files it would then create a document in each folder describing their way of retrieving your data, and their way of retrieving your encrypted data is to pay them a fee and then they will decrypt all your files. I don’t know about you but I do not feel right in enabling these guys by paying them a fee.

I would rather recover my data without paying any fee even if it means paying IT Support to recover my data. Now, if you do not have a backup of that PC on an external drive that is not connected at the time of getting the encryption virus, then you do not have a recovery option on that machine. However, there are some other opportunities to recover files if you have the following scenario.

If you are using a client-server environment, and the PC that contracted the encryption virus is a workstation, and you want to recover the files on the server, then you can then go to the server and you can right-click the data folder. If you get the option to restore previous versions, you can then restore a previous version of that folder.

This scenario is only available if you have shadow copies turned on your server. I do suggest that if it is not turned on you turn it on now, just in case you get an encryption virus in the future because it is a handy tool for recovery.

The best defence against the encryption virus is to have a reliable backup solution in place and this backup solution needs to consist of external drives that get rotated so that at any given time one of your backup drives are not connected. The way when you do get the encryption virus you always have an offsite backup to restore from.

CRT - Data Recovery

Cloud Backup Solutions

The other option is to use our Cloud Backup solution which sends an offsite backup into the cloud and you can recover any version of the encrypted files or folders.

If you got the encryption virus on a PC and there is no server involved and there are no backups to restore from, you cannot right-click the folder to restore shadow copies, although we try this every time in the hope that we can. This is because one of the first steps the encryption virus takes is to delete the shadow copies so that you cannot use the simplest step for recovery.

I haven’t tried this next step but I do think this may be an option. You can purchase the software called Get Data Back, which is a data recovery tool to recover deleted files. The reason why I say this might be an option is that I have seen the encryption virus actually encrypt the file and make a new file and then deletes the source. So, this may be an option.

CRT - Cloud Backup

If you need any help recovering your files from an encryption virus we would love to give you assistance. Please get in touch with anyone from our office at 1300 760 339.


Related Articles