Ransomware Data Recovery: Recover Ransomware Encrypted Files

Ransomware is an advanced malware that attacks both individuals & enterprises by encrypting the files on your computers, and then you can't access them unless you pay the ransom. Here, we show you three helpful ways to recover files deleted or encrypted by ransomware like Locky, CryptoLocker, CryptoWall, and TorrentLocker, without paying.

 Download for Win Recovery Rate 99.7%
 Download for Mac Trustpilot Rating 4.4

Table of Contents

Ransomware Overview

The ransomware virus is a new and advanced type of computer virus that mainly spreads in the form of mail, program Trojans, and web pages. The virus is terrible and extremely harmful. It uses various encryption algorithms to infect, delete, and encrypt files.

The ransomware transmits in three major ways: vulnerability, mail, and advertising. Once your computer and any other storage device are infected by a ransomware virus, like the notorious ones Locky, Zcrypt, CryptoLocker, CryptWall, TorrentLocker, etc., you can't access the infected files or system until you pay the ransom.  

We advise you not to pay for the ransom. Moreover, even if you have made the payment, your data may not be intact like before, and you may face a greater data risk. Hence, after the infection, you can try some ways to recover ransomware encrypted files quickly. In the following parts, we will show you a few practical methods to recover data.

How to Recover Ransomware Encrypted and Deleted Files

There are many solutions to restore encrypted files by ransomware attacks. We have selected some easy to implement approaches for you. Read to see details.

Method 1. Use Professional Virus Attack Data Recovery Software

Before the data recovery, you can look at the workflow of most ransomware.

how to recover ransomware encrypted files - virus workflow

As you can see from the graphic, the encryption files created by ransomware are not the original files but only copies. The original files are not encrypted directly but deleted by the virus. Therefore, you can use a data recovery tool to restore the removed source files. As long as the data recovery software finds the deleted source files, there is a possibility of recovery.

Try EaseUS Data Recovery Wizard as the first attempt. It's a reputable file recovery software that can recover files infected by the Locky virus, such as CryptoLocker and other ransomware viruses.

Try the Data Recovery Software to Get Lost Files Back

  • Recover lost or deleted files, documents, photos, audio, music, emails effectively
  • Recover files from formatted hard drive, emptied recycle bin, memory card, flash drive, digital camera, and camcorders
  • Support data recovery for sudden deletion, formatting, hard drive corruption, virus attack, system crash under different situations
 Download for Win Recovery Rate 99.7%
 Download for Mac Trustpilot Rating 4.4

The ransomware is constantly changing. Some new and more advanced viruses may work differently from what shown above. They may not delete the source file so that the data recovery software won't be helpful. However, we still strongly recommend that you use a file recovery tool to retrieve the data once infected. Although we cannot make sure about the virus type, we must make the data recovery timely by all available means.

Method 2. Restore from a System Backup

If the data recovery program isn't workable and you happen to create a system backup, you can try to recover virus-infected files using Windows backup. You can recover data from worse scenarios in this way. Therefore, setting up Automatic Windows Backup is a useful way to prevent data loss.

Go to Control Panel, click "System and Security" > "Backup and Restore" > "Restore files from backup". In the Backup and Restore screen, click "Restore my files" and follow the wizard to restore your files

how to recover ransomware encrypted files - windows backup

Method 3. Restore from Previous Versions

The previous version of the file also can help you to recover encrypted files by ransomware.

1. Locate the directory where the data is stored. Right-click the file, then select "Properties".

2. Click the "Previous Versions" tab when the Properties window opens.

Note: If you don't see the Previous Versions tab, you need to install the client. You can speak with your support team to get the correct client installed.

3. A list of available snapshots for the file will appear. Select the snapshot that represents the last known good version of the file.

4. Click "View" and verify if it is the correct version of the file. Once you find the right file, do any of the following:

  • View: View the recovered file directly and then save it by clicking "File" > "Save As".
  • Copy: Create a copy of the recovered file in the same directory as the original file. You will now have both copies available.
  • Restore: This will restore the recovered file and will replace the current file.

Important: Restoring the file will overwrite the current copy. Any data saved in the present copy will be overwritten with the older file.

how to recover ransomware encrypted files - previous-versions

Wrap Up

Ransomware can attack both individuals & enterprises. To minimize losses, you should act instantly and use effective methods to get files back. You can try any of the above methods to recover ransomware encrypted files. However, most users don't enable the file or system backup feature on their computers. So you need to use a data recovery program, like EaseUS Data Recovery Wizard, to restore files. As one of the leading data recovery products, it's famous for deleted files recovery, virus attack recovery, formatted recovery, recycle bin emptied data recovery, lost partition recovery, and more. It also provides you the free version for a trial. Have a try, and it won't let down.

How to Prevent Virus Attack Effectively

Prevention is easier than rescue. You can try the following tips to protect your computer from infecting viruses.

  • Do not open emails' attachments or links sent by unknown senders. 
  • Install and enable the anti-virus software on your computer. Besides, remember to upgrade it at any time.
  • Use required software to download online files, do not double-click to open the .js, .vbs, and other suffix files.
  • Regularly back up important data and files on your computer. If you don't want to copy data manually, you can use professional schedule backup software for automatic backup.
  • Report the ransomware attack as it is an illegal cybercrime.

Was This Page Helpful?

Updated by Daisy

Daisy is the Senior editor of the writing team for EaseUS. She has been working in EaseUS for over ten years, starting from a technical writer to a team leader of the content group. As a professional author for over 10 years, she writes a lot to help people overcome their tech troubles.

Read full bio

Written by Jean

Author Jean has been writing tech articles since she was graduated from university. She has been part of the EaseUS team for over 5 years. Her special focuses are data recovery, disk partitioning, data space optimization, data backup and Mac OS. By the way, she's an aviation fan!

Read full bio

Product Reviews

TrustScore 4.7 | 323 reviews
  • EaseUS Data Recovery Wizard is a powerful system recovery software, designed to enable you to recover files you’ve deleted accidentally, potentially lost to malware or an entire hard drive partition.

    Read More
  • EaseUS Data Recovery Wizard is the best we have seen. It's far from perfect, partly because today's advanced disk technology makes data-recovery more difficult than it was with the simpler technology of the past.

    Read More
  • EaseUS Data Recovery Wizard Pro has a reputation as one of the best data recovery software programs on the market. It comes with a selection of advanced features, including partition recovery, formatted drive restoration, and corrupted file repair.

    Read More