Additional menu

Zerosuniverse

The Way of Learning

How to recover your files from Ransomware infections
You are here: Home / cyber-security / How to recover your files from Ransomware infections

How to recover your files from Ransomware infections

posted on

Ransomware infections depend on where your files are stored and what version of Windows you are using. Before you try to recover files from Ransomware infections, you should use Windows Defender Offline to fully clean your PC.

Recover your files from Ransomware infections For Microsoft Office files stored, synced, or backed up to OneDrive

  • OneDrive creates a version of Microsoft Office files when you save or change the file as part of its security features.
  • To see if there are older versions of your file, go to OneDrive on the web. Right-click on a file you want to restore and click Version history.Ransomware infections.
  • OneDrive for Business customers should see the Manage document versions help article on the Office help site.

Recover your files from Ransomware infections For files on your PC

  • You need to have turned on File History (in Windows 10 and Windows 8.1) or System Protection for previous versions (in Windows 7 and Windows Vista) before you were infected. In some cases, these might have been turned on already by your PC manufacturer or network administrator.
  • Some ransomware will also encrypt or delete the backup versions of your files. This means that even if you have enabled File History if you have set the backup location to be a network or local drive your backups might also be encrypted. Backups on a removable drive, or a drive that wasn’t connected when you were infected with the ransomware, might still work.
  • See the Windows Repair and recovery site for help on how to enable file recovery for your version of Windows.

If you’ve been infected by the Crilock family of ransomware (also called CryptoLocker), you might be able to use the tool mentioned in the MMPC blog:

  • FireEye and Fox-IT tool can help recover Crilock-encrypted files.

What should I do if I’ve paid?

You should contact your bank and your local authorities, such as the police. If you paid with a credit card, your bank may be able to block the transaction and return your money. The following government-initiated fraud and scam reporting websites may also help:

  • In Australia, go to the SCAMwatch website
  • In Canada, go to the Canadian Anti-Fraud Centre
  • In France, go to the Agence Nationale de la sécurité des systèmes information website
  • In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website
  • In Ireland, go to the A Garda Síochána website
  • In New Zealand, go to the Consumer Affairs Scams website
  • In the United Kingdom, go to the Action Fraud website
  • In the United States, go to the On Guard Online website

If your country or region isn’t listed here, we encourage you to contact your country’s federal police or communications authority. For general information on what to do if you have paid, see:

  • What to do if you are a victim of fraud

Source: Microsoft

Get instant free access to our weekly newsletter where We share our latest Tricks and topics related trends with insightful analysis on Cyber security Ethical Hacking technology and many more.

100% Privacy. No Spam.

About Avinash Anshu

A passionate for Cyber Security, AI, programming, and technology. I also have a strong passion for Learning SEO, typography, data visualization, graphic design, and pretty much anything that’s visually interesting or beautiful. Follow me at Twitter, Facebook, Pinterest.

Reader Interactions

Comment Policy:Your words are your own, so be nice and helpful if you can. Please, only use your real name and limit the amount of links submitted in your comment.

Leave a Reply

Your email address will not be published. Required fields are marked *