How to Backup Ransomware-Encrypted Files

During a ransomware attack, files that were encrypted may suffer permanent damage if you attempt any actions like using an alternative decryption tool, file recovery software, or even renaming the file extension. So, before doing anything with the files that are encrypted by ransomware, we suggest creating a backup copy of the files first. Please see the guide on this page to create a backup copy using third-party software or Windows Backup features.

Before proceeding, get a clean, empty external USB drive and attach it to the computer infected by ransomware. Do not attach external drives that contain important files, as ransomware may encrypt their contents.

The importance of making a backup copy

It is vital to have a backup copy of files that were encrypted by ransomware. One is its importance for future data recovery if one is not available at the present. Keep in mind that malware researchers are keen on developing decryption methods that may work with your affected data, if not today, possibly in the future. Having the encrypted data around also aids in forensic investigation, aiming to help how the incident occurs. This will help security analysts increase the defenses against ransomware attacks.

Keeping a backup copy of ransomware-encrypted files ensures data recovery either by retrieving the decryption key or successfully cracking the file encryption.

Backup only selected encrypted files

We recommend using the program FreeFileSync to make a backup copy of specific files encrypted by ransomware. This program is a folder comparison and synchronization tool for making and managing backup copies of crucial computer files. Using this program, we recommend backing up only specific ransomware-encrypted files rather than the entire folder.

1. Download FreeFileSync from the official website.

2. Install the downloaded file and open the program when done.

3. Click on New or press Ctrl + N on keyboard.

4. On Left window, Browse the specific Folder you want to backup.

Image of Backing Up Folder and Files

5. Click the Plus (+) button to add another folder and repeat the process until all important folders are included.

6. On Right window, Browse the destination you want to copy the backup files. Select the location of your external hard drive.

7. Next, click on Synchronize settings.

8. Choose Mirror from the variant selection and click OK to close this window.

Image of Backup Settings

9. Click the Filter icon.

Image of Included Encrypted Files

10. Go to Include section, and add the specific file extension of ransomware encrypted data. For example, *.encrypted. You may also want to add file type of the ransom note, like *.txt, *.hta, *.html

11. Click OK button. It will go back to main window.

12. Click on Synchronize button. It will begin assessing ransomware encrypted files to backup.

Image of File Synchronization

13. After the file assessment and calculations of the encrypted files you wish to backup, click on Start button to begin the process.

Backing up Files and Folders in Windows

If you don’t want to use a third-party application, Windows has its own function to backup files. Though this can make copies of ransomware-encrypted files on a Folder level only, It means all files in selected folders will be included in the backup.

1. On the Windows Taskbar, type Backup Settings in the Search bar and press Enter on the keyboard.

2. On the Backup Settings window, click on Add a Drive if no external drive is configured to be used with Windows backup.

Image of Adding Backup Drive

3. Select the backup drive location. Please note that this will be the default backup destination.

4. Next, click More Options.

Image of other backup options on Windows

5. Under Back Up These Folders, add and choose every folder containing the files encrypted by ransomware.

Image of additional folder for backup

6. Lastly, click the Back Up Now button to start the process.

Image of Windows backup

About the author

Discussion

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Scroll to Top