Posted on

Ransomware removal – How to recover your encrypted files


Recently, a unique form of Cryptovirus has been causing complications and headaches across the globe. Targeting individuals and businesses alike, it has caused both billions of dollars in damage and acted as a devastating force in the lives of millions. This form of Cryptovirus is known as ransomware. Also working as a type of scareware, ransomware will encrypt your files and give you certain  period before deleting them. Just as its name implies, ransomware blackmails its victims into paying a ransom for the return of their respective files. However, as many tech experts would agree, there is a slim chance (if any) that paying a ransom will result in the return of your files.

This poses a bit of a problem. Your files are encrypted, set to be deleted in a matter of hours, and even money can’t guarantee their safe return. Luckily, there a few solutions will likely get your files back. In this post, we will discuss three ways you may be able to recover your files after a ransomware attack

Important: This guide will only be useful if you can access your computer. If your ransomware has locked you out of your computer, download Kaspersky WindowsUnlocker to a flash drive and boot your computer from your flash drive. 

1. Use a decryption tool

The hackers creating ransomware will claim that you can’t decrypt your files. This is an outrageous claim, and a claim only made to scare you. Ransomware such as Jigsaw will attempt to scare victims by deleting a select few files every hour or so. The number one way to save all of your files within that time is to use a decryption tool. Disclaimer: it is best to move your files to an external drive before attempting to decrypt them. This is so that your drive will be relatively undisturbed in the event that a decryption tool does not work.

An antimalware company named Emsisoft has been creating a variety of file decryption tools since mid-2013. These decryption tools cover a wide range of different types of encryption and can be found here. By looking at the extension name on your encrypted files, you should be able to determine which decryption tool you need

If you couldn’t find the correct extension type at Emsisoft, there are a few other companies that may offer useful tools. Kaspersky Lab offers seven different decryption tools that may suit you better. Those can be found here.

Finally, if you can’t find a tool that can decrypt your files, it’s time to try method #2.

2. Use ShadowExplorer (Windows only)

ShadowExplorer is a freeware program which may come in handy in the case of a ransomware attack. Essentially, ShadowExplorer checks if there is an older, unencrypted version of any of your files, and gives you the option to restore a “Shadow copy” of any previous versions of your files it can detect.

ShadowExplorer is able to find older versions of files through Microsoft’s Volume Shadow Copy Service. Sorry Mac and Linux users, this method only works with Windows computers. The download link for ShadowExplorer can be found here.

Again, it is important to do this on an external drive, as you want to leave your drive relatively untouched for method #3.

3. Use a data recovery tool

As a last resort, data recovery may be a worthwhile option in recovering your files. This method likely you won’t get all of your files back, but it is worth a try.

Recuva is a useful, free file recovery tool which may be able to retrieve most of your files. To use Recuva, simply download it onto a flash drive, open it on your computer, and scan your C drive. Recuva also comes with a deep-scan option which will likely recover more of your files.


Hopefully, this post helped you recover your files! Remember to check back soon for more news, reviews, and tutorials. 

Leave a Reply