Detailed instructions for removing common ransomware viruses. How to Recover Data Using Infected File Decryption Tools.

Once a Ransomware/Trojan gets into your system, it’s too late to try to save unsaved data. Surprisingly, many cybercriminals don’t relinquish their obligations after paying the ransom and actually recover your files. Of course, no one will give you guarantees. There is always a chance that an attacker will take the money, leaving you alone with the locked files.

You can also read: Best Antivirus for Windows 11

However, if you encounter a ransomware infection, don’t panic. And don’t even think about paying the ransom. Keeping calm and relaxed, follow these steps:

1. Run an Antivirus to Remove the Trojan

How to Remove Ransomware and Recover Data: Tips and Methods for 2022

Removing the infection in Safe Mode without network drivers is highly recommended. There is a possibility that the ransomware may have broken into your network connection.

Here is a list you can use:
Best Antivirus for Windows 11
Best Antivirus for Mac: Best Options in 2021

Removing the malware is an essential step in solving the problem. Not every antivirus program will be able to cope with the cleanup. Some products are not designed to remove this type of threat. Check whether your antivirus supports this feature on the official website or by contacting a technical support specialist.

How to Remove Ransomware and Recover Data: Tips and Methods for 2022

The main problem is that the files remain encrypted after the malware infection is completely removed. However, this step will at least save you from the virus that performs encryption, which will protect the re-encryption of objects.

Attempting to decrypt files without removing the active threat usually results in re-encryption. In this case, you can access the files even if you have paid a ransom for the decryption tool.

2. Try to Decrypt Files with Free Utilities

Again, it would be best if you did everything possible to avoid paying the ransom. The next step will be to apply free tools to decrypt files. Note that there is no guarantee of a working decryption tool for your instance of ransomware. Your computer may have been infected with malware that has not yet been compromised.

Kaspersky Lab, Avast, Bitdefender, Emsisoft, and several other vendors maintain the No More Ransom! website, where anyone can download and install free decryption tools.

YOU CAN ALSO READ:  How to Recover Data from an External Hard Drive?

Initially, using the Crypto Sheriff tool is recommended, which allows you to determine your type of ransomware and check if a decryptor exists for it. Here’s how it works:

  • Select and download the two encrypted files from your computer.
  • Specify the e-mail address on the site, which is displayed in the information message with the demand for redemption.
  • If you don’t know your email address, download a .txt or .html file containing your ransomware notes.
How to Remove Ransomware and Recover Data: Tips and Methods for 2022

Crypto Sheriff will process this information using its database and determine if there is a ready-made solution. If the tools are not detected, do not despair. Some decryptors may still work, although you’ll have to download and test all the available tools. It’s a slow and time-consuming process, but it’s cheaper than paying a ransom to intruders.

Decryption tools

The following decryption tools can decrypt your files. Click the link (pdf or instruction) for more information on which ransomware the tool works with:

YOU CAN ALSO READ:  Content Equivalent Apple Music - How to Fix? 3 Easy Steps

The number of available decryptors may change over time. We will regularly update the information by checking the No More Ransom website!

It’s easy to run the file decryption tool. Many utilities come with official instructions (mainly solutions from Emsisoft, Kaspersky Lab, Check Point, or Trend Micro). Each process may be slightly different, so it is recommended that you read the user manual beforehand.

Let’s consider the process of recovering files encrypted by the Philadelphia ransomware Trojan:

  • Select one of the encrypted files in the system and the file that has not yet been encrypted—place both files in a separate folder on your computer.
  • Download the Philadelphia decryption tool and move it to the folder with our files.
  • Select both files and drag them to the decryptor executable file icon. The tool will start searching for the correct keys to decrypt.
How to Remove Ransomware and Recover Data: Tips and Methods for 2022
  • This process can take a decent amount of time, depending on the complexity of the threat.
How to Remove Ransomware and Recover Data: Tips and Methods for 2022
  • When you are finished, you will receive a decryption key to restore access to all locked file encryptors.
How to Remove Ransomware and Recover Data: Tips and Methods for 2022
  • Then you need to accept the license agreement and choose the decryption options. You can change the location of objects and optionally save encrypted versions.
  • Eventually, you will see a message that the files were successfully recovered.
YOU CAN ALSO READ:  How to Watch Netflix for FREE: Tips and Tricks

Again, this process will not work if there is no decryptor for your particular instance of ransomware. Since many users prefer to pay a ransom rather than look for alternative ways to solve it, cybercriminals actively use the problem, even hacked ransomware.

If there is a Backup: Clean the System and Restore the Backup

Steps 1 and 2 will only work when used together. If they don’t help, use the following guidelines:

Hopefully, you have a working backup of your data. In this case, you should not even consider paying the ransom – this can lead to more severe consequences than damage from the primary infection.

You can use this guide: How to Backup and Restore with Paragon Hard Disk Manager 25 Anniversary LE: FREE License Included

By yourself or delegating the task to your system administrator, perform a complete system reset and restore your files from a backup. Encryption protection is an important reason to use file backup and restore tools.

Windows users can use a complete system factory reset. Recommendations for recovering files encrypted by Trojans are available on the official Microsoft website.


Ruby has been a writer and author for a while, and her content appears all across the tech world, from within ReadWrite, BusinessMagazine, ThriveGlobal, etc.

Write A Comment