Skip to content

How to recover your data from a ransomware attack

Protect & Recover your data from Ransomware Attacks

What is a Ransomware?

Ransomware is a type of malware that threatens to publish the victim’s personal data or block access to it using encryption unless a ransom is paid. Usually the ransom demand is in crypto currency so that its difficult to track. Also paying the ransom does not guarentee the data decryption.

How to protect your data against ransomware attacks?

Ransomware infection usually spreads through phishing scams, when you click an attachment in emails to open and thus a malware infects your machine. Once your system is infected it will encrypt all your data files and create the encrypted file with a unique extension. Extension depends on the version/variant of the ransomware.

Microsoft provides Windows Defender (+other features as Windows Security) as an anti-virus by default and that has a feature which is less known to people. I also noticed that its disabled by default, atleast in my case.

Click on Virus & threat protection and you can see Ransomware protection at the bottom on the right

In the below screenshot you can see that you have different options for OneDrive Personal & OneDrive Business. In my case I have 2 x OneDrive for Business accounts (blurred in the screenshot) and a OneDrive Personal account. Both have file recovery options but in different ways. I believe the main difference is because the technology is different for both of them and also Free vs Paid. OneDrive for Business uses SharePoint.

Make sure Controlled folder access is On.

Use Protected folders to configure which folders you use to store data files. By default your document folders are included but if you keep documents in different locations, you need to manually add them. You can see in the below screenshot that I have added both drive D & E in the list.

Screen showing options to add additional protected folders

Once you have the folder added, everytime an application tries to use those folders Windows Defender will blocks & prompt. In order to avoid the inconvenience, you can add your trusted applications in the Allow App list.

Screen showing options to add list of Apps approved for using files in the protected folders

What is OneDrive Personal & Business?

OneDrive is a Microsoft cloud storage service that lets you store your personal files in one place, share them with others, and get to them from any device connected to the Internet. OneDrive Personal is free and comes with storage space restrictions and OneDrive Business comes with Office 365 paid subscription and usually have 1TB space per user.

How to recover your data from OneDrive Personal

Since OneDrive Personal is a free version it comes with limitation with respect to how the file recovery can be done in case of ransomware attack. In this case we need to use individual file Version history to restore the file. Use the OneDrive Online for these operations.

Right click on any file and select Version history

Keep in mind File history option might not be reliable always since some of the new ransomware deletes file history and restore points.

You can see for the specific file, file history and option to restore to an older version

How to recover your data from OneDrive for Business

Since OneDrive for Business uses Sharepoint at the backend, it has more easier options for storage and restore.

Click on settings icon and select ‘Restore your OneDrive’ option
Here you have the option to pick which date you want to get the file from. Max limited to 30 days.
Once you select a date in the drop down, you can pick the files from the bottom list for restore.

How to avoid getting ransomware

In todays world everyone who uses any device to access internet should be aware of what “Cyber Hygiene” is. In the case of ransomware, it could come even through PDF or Office documents with macros which downloads the payload/virus/malware when opened. So you need to be aware and not click to open files from unknown email senders.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: