The location of your files and the version of Windows you’re running are both factors in ransomware outbreaks. Use Windows Defender Offline to properly clean your PC before attempting to recover files from Ransomware attacks.
Recover your files from Ransomware infections For Microsoft Office files stored, synced, or backed up to OneDrive
- As part of its security features, OneDrive produces a version of Microsoft Office files when you save or update them.
- Go to OneDrive on the web to discover if there are any older versions of your file. Select Version history from the context menu when you right-click on a file you want to restore.
- Customers using OneDrive for Business should consult the Office help site’s Manage document versions article.
Recover your files from Ransomware infections For files on your PC
- Before you were infected, you must have enabled File History (in Windows 10 and Windows 8.1) or System Protection for prior versions (in Windows 7 and Windows Vista). In some circumstances, your PC manufacturer or network administrator may have already enabled these features.
- Some ransomware encrypts or deletes backup copies of your files as well. This implies that even if File History is enabled, if you choose a network or local drive as the backup location, your backups may be encrypted. Backups on a detachable device, or a drive that wasn’t connected when the ransomware infected you, may still work.
- For information on how to enable file recovery for your version of Windows, go to the Windows Repair & Recovery site.
You might be able to utilise the programme suggested in the MMPC blog if you’ve been attacked by the Crilock ransomware family (also known as CryptoLocker):
- FireEye and Fox-IT tool can help recover Crilock-encrypted files.
What should I do if I’ve paid?
You should contact your bank as well as the appropriate authorities in your area, such as the police. Your bank may be able to halt the transaction and refund your money if you purchased using a credit card. The government-run fraud and scam reporting websites listed below may also be of assistance:
- In Australia, go to the SCAMwatch website.
- If you’re in Canada, go to the Canadian Anti-Fraud Centre.
- In France, go to the Agence Nationale de la Sécurité des Systèmes Information’s website.
- In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website.
- Visit the A Garda Sochána webpage in Ireland.
- Visit the Consumer Affairs Scams website in New Zealand.
- Go to the Action Fraud website in the United Kingdom.
- Visit the On Guard Online page in the United States.
- What to do if you’ve been a victim of identity theft
See this page for basic information on what to do after you’ve paid: Microsoft is the source.