During ransomware attack, files that were encrypted may suffer from permanent damage if you attempt any actions like using an alternative decryption tool, file recovery software, or even renaming the file extension. So, before doing anything with the files that are encrypted by ransomware, we suggest to create a backup copy of the files first. Please see the guide on this page to create a backup copy using third party software or Windows Backup features.
Before proceeding, get a clean/empty external USB drive and attached it to the computer infected by ransomware. Do not connect external drives with important files as ransomware may encrypt its contents.
Backup Only Selected Encrypted Files
To backup specific files encrypted by ransomware, we are suggesting to use FreeFileSync software. This program is a folder comparison and synchronization tool to create and manage backup copies of important computer files. Instead of creating a backup copy of the entire folders, we are suggesting to backup only specific ransomware encrypted files using this tool.
1. Download FreeFileSync from the official website.
2. Install the downloaded file and open the program when done.
3. Click on New or press Ctrl + N on keyboard.
4. On Left window, Browse the specific Folder you want to backup.
5. Click the Plus (+) button to add another folder and repeat the process until all important folders are included.
6. On Right window, Browse the destination you want to copy the backup files. Select the location of your external hard drive.
7. Next, click on Synchronize settings.
8. Choose Mirror from the variant selection and click OK to close this window.
9. Click the Filter icon.
10. Go to Include section, and add the specific file extension of ransomware encrypted data. For example *.encrypted. You may also want to add file type of the ransom note like *.txt, *.hta, *.html
11. Click OK button. It will go back to main window.
12. Click on Synchronize button. It will begin assessing ransomware encrypted files to backup.
13. After the file assessment and calculations of the encrypted files you wish to backup, click on Start button to begin the process.
Backing up Files and Folders in Windows
If you don’t want to use a third party application, Windows has its own function to backup files. Though, this can make copies of ransomware encrypted files on a Folder level only. It means, all files on selected folders will be included in the backup.
1. On Windows Taskbar, type Backup Settings on Search bar and press Enter on keyboard.
2. On Backup Settings window, click on Add a Drive if no external drive is configured to use with Windows backup.
3. Select the backup drive location. Please note that this will be the default backup destination.
4. Next, click More Options.
5. Under Back Up These Folders, add and choose every folder containing the files encrypted by ransomware.
6. Lastly, click Back Up Now button to start the process.