Oops, Your Files Have Been Encrypted - What to Do Safely?

Posted by @Cody

June 7, 2017

If your files have been encrypted by ransomware like WannaCry or Wanna Decryptor, can you recover your files? How to remove ransomware from your Windows 10, 8 or 7 computer? Please follow this guide to minimize your data loss.

You computer is infected by ransomware

If you see an alert "Oops, your files have been encrypted" when trying to open your personal files, then your computer has been infected with malware. You will be asked to pay a certain amount of money (usually in Bitcoins) to decrypt files encrypted.

The biggest cyberattack called WannaCry has aroused much attention around all the world. Most of the computer infected is running Windows 7. Windows 10 is currently safe. If you are one of the victims, just calm down. There are high chances that you will get your files recovered if you do it the right way.

Wannacry Decryptor

Should you pay the ransom?

Don't pay the ransom. If you have created files backup in Windows 7, you can easily restore them safely. Besides, it is reported that someone had already paid the ransom to no avail. The people behind this ransomware WannaCrypt are criminals. It is not reasonable to expect such criminals honor their words after the transaction. If the files encrypted are really precious to you, there are things you should do instead.

Can you recover files encrypted by WannaCrypt Ransomware ?

Don't try to click the "Decrypt" button. You can use data recovery tool to recover ransomware encrypted files instead, because your original files were deleted and the encrypted files you see with extension .decrypt or .wncry were newly created by the ransomware.

If you still have some files that data recovery software cannot restore, there is still hope that you will get the files back without paying the ransom. You can wait for the decryption tool.

"We will get a decryption tool eventually, but for the moment, it's still a live threat and we're still in disaster recovery mode," Rob Wainwright, Europol director.

Recommended steps to handle with infected computers

1. The first thing you should do is to disconnect your computer from the internet, otherwise, it can spread to all the computers on the same network in seconds.

2. Restore your PC to the previous date or use other recovery options. If there are none recovery options available, boot into Safe Mode and backup all your encrypted files in case the malware or its variation delete all your files.

3. Remove the ransomware. You can remove the ransomware WannaCry once infected, but the process is not easy.

4. Backup your computer. In the situations like this, there is no better way than a good backup strategy.

How to remove WannaCrypt ransomware virus?

Some of these steps below, if handled incorrectly, may lead to a system problem. It is recommended to create a system image backup before applying these methods.

1. Boot your computer in Safe Mode.

2. Press Ctrl + Shift + Esc to open Task Manager. Click on the Processes Tab, and delete those unfamiliar entries. Be careful when doing this because delete system process may cause system issues.

3. Press Windows + R, and type "msconfig" to open System Configuration. Click on the "Startup" tab and then look through all the programs for suspicious one. If you find an unknown developer, uncheck it and then click OK.

4. Press Windows + R, and type "regedit" enter Registry. Press Ctrl + F to bring out the Find window. Then search for "Virus Ransom.Crypt or WannaCry". The delete all the items in the results.

5. Go to the Start Menu in Windows 7 or search box in Windows 8 and then individually typing the following: %AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%. when each folder opens, delete the files and folders created after your computer got hit by the ransomware.

This ransomware virus removal guide has been reported working, but it cannot guarantee that WannaCrypt will be completely removed from your PC. If you do not familiar with these steps, you may consider using tools like SpyHunter.

How to create an offline backup on infected computer?

As mentioned, you should create a backup after the infection in case of data loss caused by misoperation or the malware. As for the backup tool, AOMEI Backupper Free - Especially For WannaCry Ransomware.

For infected PC, to backup system without virus running, you can first create a bootable media and then perform an offline backup. You can follow the steps below to create a system image backup.

1. Download and run this freeware. Connect a writable USB flash drive or DVD/CD to your computer.

2. In the upfront window, select Create Bootable Media and follow the wizard to create a bootable disk.

Create Bootable Media

3. Boot your computer from the boot disk.

4. Click Backup and then select System Backup. If you only want to backup encrypted files, you can select File Backup.

System Backup

5. All the partitions required for a full system restore will be included in Step 1 by default. Click Step 2 to specify the target location to receive the backup. It is recommended to save the backup to an external hard drive.

Backup Location

6. Click Start Backup to start the backup.

Start Backup

If you ever see an alert like "your files have been encrypted", don't panic and follow this guide to reduce your data loss to the minimum. In conclusion, having a regular backup plan is the best defense against ransomware. In case virus or malware infect the backup, you should backup to an offsite location or backup to Google Drive or other cloud storage locations.