How to Backup Ransomware-Encrypted Files

During a ransomware attack, files that were encrypted may suffer permanent damage if you attempt any actions like using an alternative decryption tool, file recovery software, or even renaming the file extension. So, before doing anything with the files that are encrypted by ransomware, we suggest creating a backup copy of the files first. Please see the guide on this page to create a backup copy using third-party software or Windows Backup features.

Before proceeding, get a clean, empty external USB drive and attach it to the computer infected by ransomware. Do not attach external drives that contain important files, as ransomware may encrypt their contents.

The importance of making a backup copy

Backups of ransomware-encrypted files may be required for a variety of important reasons. First and foremost, it enables future data decryption. Over time, computer security specialists frequently develop new decryption methods that may work with your ransomware-encrypted files. Keeping the encrypted files around can also aid in forensic investigations, which can help explain how the incident occurred and potentially increase defenses against future attacks.

Furthermore, having encrypted files can provide leverage when dealing with attackers, although this is not recommended by the entire computer security community. Finally, keeping a backup copy of the encrypted data ensures data integrity and provides for efficient and successful recovery in the event that decryption is accomplished—either by retrieving decryption keys or successfully cracking the encryption.

Backup only selected encrypted files

To backup specific files encrypted by ransomware, we suggest using FreeFileSync software. This program is a folder comparison and synchronization tool to create and manage backup copies of important computer files. Instead of creating a backup copy of the entire folders, we are suggesting backing up only specific ransomware-encrypted files using this tool.

1. Download FreeFileSync from the official website.

2. Install the downloaded file and open the program when done.

3. Click on New or press Ctrl + N on keyboard.

4. On Left window, Browse the specific Folder you want to backup.

Image of Backing Up Folder and Files

5. Click the Plus (+) button to add another folder and repeat the process until all important folders are included.

6. On Right window, Browse the destination you want to copy the backup files. Select the location of your external hard drive.

7. Next, click on Synchronize settings.

8. Choose Mirror from the variant selection and click OK to close this window.

Image of Backup Settings

9. Click the Filter icon.

Image of Included Encrypted Files

10. Go to Include section, and add the specific file extension of ransomware encrypted data. For example, *.encrypted. You may also want to add file type of the ransom note, like *.txt, *.hta, *.html

11. Click OK button. It will go back to main window.

12. Click on Synchronize button. It will begin assessing ransomware encrypted files to backup.

Image of File Synchronization

13. After the file assessment and calculations of the encrypted files you wish to backup, click on Start button to begin the process.

Backing up Files and Folders in Windows

If you don’t want to use a third-party application, Windows has its own function to backup files. Though this can make copies of ransomware-encrypted files on a Folder level only, It means all files in selected folders will be included in the backup.

1. On the Windows Taskbar, type Backup Settings in the Search bar and press Enter on the keyboard.

2. On the Backup Settings window, click on Add a Drive if no external drive is configured to be used with Windows backup.

Image of Adding Backup Drive

3. Select the backup drive location. Please note that this will be the default backup destination.

4. Next, click More Options.

Image of other backup options on Windows

5. Under Back Up These Folders, add and choose every folder containing the files encrypted by ransomware.

Image of additional folder for backup

6. Lastly, click the Back Up Now button to start the process.

Image of Windows backup

About the author

Leave a Comment

Your email address will not be published. Required fields are marked *