WannaCry is still one of the biggest ransomware that has infected more than 200,000 PCs in 150 countries. It spreeds in the form of email, program trojans, and web pages, and has the ability to infect, encrypt and delete files on the attacked computers.
If unfortunately, your files have been encrypted by ransomware, you may be asked to pay the ransom, please don't do so. Since it is not the only option, there are 4 methods that you can try to recover ransomware encrypted files.
Paying the ransom is not the only option when your computer is infected by Ransomware, since there are 4 methods below to help you recover encrypted files from ransomware.
Many computers infected with ransomware WannaCry (also called WannaCrypt, WannaDecrypt) have successfully unlocked encrypted files without paying a dime. If you have rebooted your computer since the day you got hit by the ransomware.
As you probably know, Windows applications generated keys for encrypting and decrypting files will be stored in computer memory. The keys to decrypt virus WannaCry encrypted files are also saved there. Therefore, you can decrypt virus-locked files as long as the memory location that saved the keys has not been overwritten.
You can just download the free ransomware decrypt tool called wanakiwi, which was released on 2017, and start to decrypt virus encrypted files. It has been tested in Windows XP and 7, and 2003, Vista, and Server 2008(R2).
By default, Windows has enabled system protection and it will create restore points in Windows 7 before a big event. Windows will create a volume backup containing shadow copies when it takes a restore point. It actually creates many shadow copies and you just don’t aware of them. Therefore, you can recover encrypted file through shadow copies.
You can download a free tool, Shadow Explorer to make the steps easier.
To recover files encrypted by ransomware:
1. In the main interface of Shadow Explorer, select the volume and date to restore the files. In my case, I choose D: drive. To my surprise, I have 46 shadow copies of D: drive.
2. All the files in that time being are listed. Then you can right click on the file you want to recover and select Export.
3. Select a location to receive the file and then click OK. Then the file will be restored.
If you have created a system backup including personal files, you can easily restore your files back and remove the virus. Therefore, having a right backup strategy is the best defense against ransomware. In Windows 10/87, Windows always reminds you to backup your files.
To recover encrypted files ransomware free:
1. Navigate to Control Panel\System and Security\Backup and Restore.
2. In the Backup and Restore screen, click Restore my files and follow the wizard to restore your files.
If the previous 3 methods will not work, there is still hope to recover files from ransomware. WannaCry first saved the original files into ram, deleted the original files, and then created the encrypted files. Therefore, data recovery tools can recover your original files from the hard drive.
You can download a file undelete or data recovery tool like Deep Data Recovery to help you. Deep Data Recovery is a professional data recovery tool that helps you find the deleted or lost files caused by virus attacks.
Step 1. Download and install the reliable data recovery software Deep Data Recovery on your computer.
Step 2. Select the partition where you saved deleted files before and then click “Start Scan”.
Step 3. The software will scan the partition at a fast speed. You don’t need to wait the scanning to finish if you find the file you want in the scanning list.
Step 4. You can search the file names or filter files by size, type and date modified to find the data you need quickly. Select the files and then click “Recover”.
If you worry about the ransomware virus delete your encrypted files before you can recover them, you can create a backup to prevent it. If you did not remove the ransomware virus, then you should perform an offline backup (boot from bootable media to backup) to exclude the virus in the backup.
Anyway, the ransomware may not be gone in a short time. If the ransomware concerns you, you should start backing up your valuable data right now. If you are not familiar with Windows Backup and Restore, then you can choose another simple backup tool.
A special version of the Qiling Disk Master Standard may be just suitable for you. With only a few clicks, you can create a file backup, partition backup, system backup or disk backup.
Please download it to have a try! For server users, try Qiling Disk Master Server!
It allows you to specify the backup source and backup target location on the same screen. Then you can backup files to external hard drive, USB drive, network drive, cloud drive, NAS, etc.
In conclusion, if your files are encrypted by ransomware, paying the ransom is your last option. You can give these 4 methods a try in the first time. New decryption tools are probably on their way to being tested and verified.
To get more time to recover ransomware encrypted files in Windows 10 or other previous systems, try to backup encrypted files, or partition, system, and disk. Meanwhile, it also helps to prevent data loss from ransomware or similar viruses if you have a backup. The best way is to run a schedule backup task, so you can keep all the changes continuously.