How to recover your data from a ransomware attack
What is Ransomware?
Ransomware is a type of malware that threatens to publish the victim’s personal data or block access to it using encryption unless a ransom is paid. The ransom is usually demanded in cryptocurrency so that it is difficult to track. Paying the ransom also does not guarantee that the data will be decrypted.
How to protect your data against ransomware attacks?
Ransomware usually spreads through phishing scams: you open an attachment in an email, and the malware infects your machine. Once your system is infected, it encrypts all your data files and gives the encrypted files a unique extension. The extension depends on the version/variant of the ransomware.
Microsoft provides Windows Defender (plus other features, as Windows Security) as the default antivirus, and it has a feature that is not widely known. I also noticed that it's disabled by default, at least in my case.
In the below screenshot you can see that you have different options for OneDrive Personal & OneDrive Business. In my case I have 2 x OneDrive for Business accounts (blurred in the screenshot) and a OneDrive Personal account. Both have file recovery options but in different ways. I believe the main difference is because the technology is different for both of them and also Free vs Paid. OneDrive for Business uses SharePoint.
Use Protected folders to configure which folders you use to store data files. By default your document folders are included, but if you keep documents in other locations, you need to add them manually. You can see in the below screenshot that I have added both drives D & E to the list.
Once a folder is added, every time an application tries to use it, Windows Defender will block the application and prompt you. To avoid the inconvenience, you can add your trusted applications to the Allow App list.
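The Protected folders and Allow App settings described above belong to Defender's Controlled folder access feature, and the same steps can be scripted. The PowerShell below is an added example, not part of the original post; it uses the D and E drives from the article, and the trusted application path is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: configure Controlled folder access with the built-in Defender cmdlets.

# Drives D and E are the locations used in the article; change them to match your data.
$protectedFolders = @('D:\', 'E:\')
# Hypothetical trusted application, for illustration only.
$trustedApps = @('C:\Program Files\ExampleApp\example.exe')

# 1. Show the current state: 0 = disabled, 1 = enabled, 2 = audit mode.
$before = (Get-MpPreference).EnableControlledFolderAccess
Write-Host "Controlled folder access before change: $before"

# 2. Turn the feature on. Use 'AuditMode' instead to log without blocking.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Add the extra protected folders, skipping paths that do not exist on this machine.
foreach ($folder in $protectedFolders) {
    if (Test-Path -LiteralPath $folder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

# 4. Add trusted applications to the allow list so they are not blocked.
foreach ($app in $trustedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping missing application: $app"
    }
}

# 5. Read the settings back to confirm what is now in effect.
$pref = Get-MpPreference
Write-Host "State after change: $($pref.EnableControlledFolderAccess)"
Write-Host "Protected folders:  $($pref.ControlledFolderAccessProtectedFolders -join ', ')"
Write-Host "Allowed apps:       $($pref.ControlledFolderAccessAllowedApplications -join ', ')"

# 6. List blocks from the last 7 days (event ID 1123) to decide what else to allow.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Run it from an elevated PowerShell session; reviewing the block events in step 6 before adding anything to the allow list keeps that list limited to applications you recognise.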
What is OneDrive Personal & Business?
OneDrive is a Microsoft cloud storage service that lets you store your personal files in one place, share them with others, and get to them from any device connected to the Internet. OneDrive Personal is free and comes with storage space restrictions, while OneDrive Business comes with a paid Office 365 subscription and usually has 1TB of space per user.
How to recover your data from OneDrive Personal
Since OneDrive Personal is a free version, it comes with limitations on how file recovery can be done after a ransomware attack. In this case we need to use each individual file's Version history to restore the file. Use OneDrive Online for these operations.
Keep in mind that the File history option might not always be reliable, since some newer ransomware deletes file history and restore points.
How to recover your data from OneDrive for Business
Since OneDrive for Business uses SharePoint at the backend, it has easier options for storage and restore.
How to avoid getting ransomware
In today's world, everyone who uses any device to access the internet should be aware of what “Cyber Hygiene” is. In the case of ransomware, it could even come through PDF or Office documents with macros that download the payload/virus/malware when opened. So you need to be aware and not click to open files from unknown email senders.