How to Backup Ransomware Encrypted Files

During ransomware attack, files that were encrypted may suffer from permanent damage if you attempt any actions like using an alternative decryption tool, file recovery software, or even renaming the file extension. So, before doing anything with the files that are encrypted by ransomware, we suggest to create a backup copy of the files first. Please see the guide on this page to create a backup copy using third party software or Windows Backup features.

Before proceeding, get a clean/empty external USB drive and attached it to the computer infected by ransomware. Do not connect external drives with important files as ransomware may encrypt its contents.

Backup Only Selected Encrypted Files

To backup specific files encrypted by ransomware, we are suggesting to use FreeFileSync software. This program is a folder comparison and synchronization tool to create and manage backup copies of important computer files. Instead of creating a backup copy of the entire folders, we are suggesting to backup only specific ransomware encrypted files using this tool.

1. Download FreeFileSync from the official website.

2. Install the downloaded file and open the program when done.

3. Click on New or press Ctrl + N on keyboard.

4. On Left window, Browse the specific Folder you want to backup.

Image of Backing Up Folder and Files

5. Click the Plus (+) button to add another folder and repeat the process until all important folders are included.

6. On Right window, Browse the destination you want to copy the backup files. Select the location of your external hard drive.

7. Next, click on Synchronize settings.

8. Choose Mirror from the variant selection and click OK to close this window.

Image of Backup Settings

9. Click the Filter icon.

Image of Included Encrypted Files

10. Go to Include section, and add the specific file extension of ransomware encrypted data. For example *.encrypted. You may also want to add file type of the ransom note like *.txt, *.hta, *.html

11. Click OK button. It will go back to main window.

12. Click on Synchronize button. It will begin assessing ransomware encrypted files to backup.

Image of File Synchronization

13. After the file assessment and calculations of the encrypted files you wish to backup, click on Start button to begin the process.

Backing up Files and Folders in Windows

If you don’t want to use a third party application, Windows has its own function to backup files. Though, this can make copies of ransomware encrypted files on a Folder level only. It means, all files on selected folders will be included in the backup.

1. On Windows Taskbar, type Backup Settings on Search bar and press Enter on keyboard.

2. On Backup Settings window, click on Add a Drive if no external drive is configured to use with Windows backup.

Image of Adding Backup Drive

3. Select the backup drive location. Please note that this will be the default backup destination.

4. Next, click More Options.

Image of other backup options on Windows

5. Under Back Up These Folders, add and choose every folder containing the files encrypted by ransomware.

Image of additional folder for backup

6. Lastly, click Back Up Now button to start the process.

Image of Windows backup

About the author

Leave a Comment

Your email address will not be published. Required fields are marked *

Copy link