Recover Important Files from ransomware attack
Many of us get infected with ransomware on our PC as a result of installing crack software or games. In this way, our important files become encrypted and become different types of extensions like .coot, .maas . We try to get the files back by changing the file extension, but it is not possible every time. Then we posted for help somewhere, the helpful people there says, “Brother, give full format , There is no possibility of getting the file.” If you format theme, the chances of getting your file back may go away.
In that case, first we have to turn off the virus process. Because the virus process, it changes the maximum policy of Windows. So that we can’t do anything. It blocks many websites in the host file so that we cannot go to any site for security help. In this case, we can find and close the process with rkill, process killer software. But this process is difficult. The best way we can go
Delete and format windows C drive (system partition) + windows reserved drive and install fresh windows. Be careful not to format other drives.
Installing fresh Windows ends the virus process. But the files remain encrypted. But we should continue to get our files back
Now a ransom notes from the PC (the note where it demands money), and an encrypted file Upload to Emsisoft website.
If they have a possible decryptor tools, they will help with that. Now if get the tool. Try decryption with that. The point here is that this tool tries to decrypt with the offline key. But if the PC connected to the Internet during a virus attack, the chances of decryption are about 0% because the virus encrypt the file with random online key. So it Emsisoft fails try next steps.
Now you can try with any recovery tool. But I will suggest icare Data recovery. You can download this software for free. But you can buy it for pro features.
As it is a very powerful software, windows execution policy will block it if you try to install it.
There is nothing to fear. You can watch this video.
Now select your important drive from icare data recovery software and select deep scan. This will take some time. When the process is complete, it will show you a much larger list. Select the partition which has highest priority and press next. Here your directory tree will show on the left side. From there, select the “Raw” folder and recover them.
Don’t save on same drive. It is convenient to save to another drive which has space more than recovery file. Hopefully you will get back 75% -100% picture, video, song. If you give the format, you may not get it.
How powerful the malware is, it depends on the programmer of the virus. There is also malware that attacks BIOS and kernel. Above all, we should be aware. We don’t do things as The weaver is ruined by greed.
This writing is written from my own experience. I hope you will helped yourself and help others.