Ransomware is a type of malware that encrypts files on infected computers and demands that users pay a ransom to decrypt them. It is mostly spread through phishing emails and infected websites, and sometimes by directly installing itself. You may lose your valuable photos, videos and other documents if you are attacked by ransomware. Here I will discuss how to decrypt files encrypted by ransomware.
In the last few years, many cybercriminals have been distributing a new kind of virus called “Ransomware” that can encrypt and destroy every PC file to get money from victims. It can infect your PC if you are not careful enough when clicking any suspicious and unknown links or attachments. The only way to keep the files safe from ransomware is by storing backups in storage separate from the PC. Unfortunately, there are no successful solutions for decrypting the infected files, but you can still try some ways of decrypting them.
Decrypting Encrypted Files applying System Restore
- First, reboot the Windows system and press “F8” repeatedly during booting. From the next window, choose “Safe Mode” to start Windows.
- Select the “Start” menu and open “Accessories.” Then, pick the “System Tools” option.
- The “System Restore” option will show up. Click on it. Choose the restore points from the options. Select “Finish.”
- Then, the system will automatically restart and restore the Windows system to a previous safe restore point.
- You can also restore the files from the system backup. If you made a system backup with personal files at a previous time, access the “Control Panel” from the “Start” menu.
- Go to “System and Security.” Pick the “Backup and Restore” option.
- Select “Restore my files” from the next page. It will initiate the system backup. Then, follow the wizard to restore the files.
Decrypting Encrypted Files from Shadow Copies
- Typically, Windows system protection will generate a backup of the PC files with shadow copies. When it initiates a restore point, it restores the backup files.
- You can recover the infected files from the shadow copies. Download “Shadow Explorer” on the PC. Then, install it.
- Access the “Shadow Explorer” and pick the drive and date for restoring the files. The list of shadow copies of that drive or folder will show up.
- Pick the file you wish to restore and right-click on it. Pick “Export.” Choose a location and select “OK.” It will restore the original files.
Decrypting Encrypted Files applying Decrypt Tools
- There are different types of ransomware, and decrypt tools for them are available on the web. See what kind of ransomware infected your files and check the web for decrypt tools appropriate for it.
- For the ransomware called “WannaCry,” you can use the “Wanakiwi” decrypt tool. You have to reboot the PC as soon as it gets infected by the ransomware.
- The PC's memory stores the keys that the Windows software produced for encrypting and decrypting the files. So, when the PC gets infected, the keys for decrypting the ransomware will also be there.
- Applying those keys with the “Wanakiwi” tool, you can decrypt the files if the location of the keys is intact.
- For the “Cryptodefense” encrypted files, you can apply the “Emsisoft Decrypter” tool. After downloading, locate the “decrypt_cryptodefense.zip” file and extract it.
- Then, run the tool by double-clicking on it. Add a folder. Select “Decrypt” to start.
- For “Cryptorbit” ransomware, the “Anti-CryptorBit” is an effective tool. Again, extract the downloaded file and open it.
- Pick the file type that you wish to recover. Then, select the folder that has the infected files and hit “Start” to decrypt them.
Summary: Decrypt Files Encrypted by Ransomware
- Search for the files.
- Try to find the origins of the infection.
- Find out which type of encryption was used, if possible.
- Search the Internet for a solution, or try one of these options:
  - Work with other users who have encountered the same malware, such as at this Bleeping Computer forum.
  - Try using online decryption tools, such as those at NoMoreRansom.org. If your files were encrypted with offline keys, you may be out of luck.
If you happen to have a backup to restore from (in a separate location), do that now.
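One way to carry out the “Search for the files” step and narrow down which ransomware is involved, as an added example that is not part of the original article: a read-only Python scan that flags files whose contents look random and whose header matches none of the types in their name, grouped by final extension. The 7.5 bits-per-byte threshold, the short signature table and the `.locked` sample extension are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter, defaultdict

# Well-known file signatures for a few common document types.
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # assumption: bits per byte; encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536) -> bool:
    """High-entropy content whose header matches no type named in the file name."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if shannon_entropy(head) < ENTROPY_THRESHOLD:
        return False
    # Check every suffix so "report.pdf.locked" is compared with the PDF signature.
    suffixes = ["." + s.lower() for s in os.path.basename(path).split(".")[1:]]
    return not any(head.startswith(MAGIC[s]) for s in suffixes if s in MAGIC)

def triage(root: str) -> dict:
    """Read-only walk: group suspected-encrypted files by their final extension."""
    hits = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if looks_encrypted(full):
                    ext = os.path.splitext(name)[1].lower()
                    hits[ext].append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable file: skip it, never modify anything
    return {ext: sorted(paths) for ext, paths in hits.items()}

def demo() -> dict:
    """Constructed sample: one text file, one valid JPEG header, one scrambled PDF."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"notes.txt": b"meeting notes\n" * 200,
               "photo.jpg": MAGIC[".jpg"] + noise,
               "report.pdf.locked": noise}  # ".locked" is a made-up extension
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)
```

Compressed or media files of types missing from the signature table also score as high entropy, so treat a large group under one unfamiliar extension as the signal and extend `MAGIC` with the formats you keep.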