HELP: Restoring after a Ransomware Attack

Pablobo · May 18, 2024, 8:46pm

Hello,
I have a major dilemma.
I have a question about restoring backed-up files after mitigating a bad ransomware attack. All of my data files were encrypted with additional file extensions. After exhausting attempts to decrypt the files, I learned that the newer virus variants use a random generator to create the decryption key. In other words, I have to pay the ransom and the criminals will issue me a unique decryption file to unlock everything. However, they cost $Thousands and they don’t always give the victim a working unlock key.

SO: I have a My Passport backup of the whole computer consisting of the C Drive (OS and documents) and a D Drive with just photo data.

MY QUESTION IS: Do I need to erase the encrypted files before running a restore? I am thinking that I need to save the encrypted files just in case something doesn’t work with the WD drive in performing a restore on the D Drive. That way I still have the encrypted files that could be unlocked some day with cyber security help. That just isn’t available in 2024.

MY SECOND QUESTION IS: After having cleaned out all the ransomware and restoring the Windows 10 OS, I don’t want to replace the entire contents of the C Drive. I only want to replace the locked data files (WORD docs, pdf’s, audio files) on that drive also and keep the current restored Windows OS components. Is this possible or do I need to wipe both drives completely clean after copying everything from both drives to yet another new backup drive? Can I pick and choose folders and files from the backup and only restore them? Thanks for reading. I really appreciate any help with this.

Vegan · May 18, 2024, 9:01pm

With ransomware it is likely that unless you wipe the system you will be attacked again and again

WD has some new USB based passport disks that could be rotated to guard against future attacks

brandon698sherrick · May 21, 2024, 9:25am

To kynect @Pablobo ,

It’s generally advisable to keep a copy of the encrypted files in case decryption becomes possible in the future. Before restoring from your WD My Passport backup, ensure that your system is completely clean of ransomware. You can select specific files and folders to restore from your backup rather than restoring everything. When restoring files to the C Drive, you can selectively choose which files to replace. Consider using a new backup drive for the restored data files if you’re concerned about the integrity of the WD My Passport drive.

Pablobo · May 23, 2024, 2:54am

Thank you, Brandon698sherrick. I actually though the same thing and that’s what I did. I bought a larger WD Passport but it required a newer software download. Unfortunately this presented a problem at first not recognizing the older Passport because of the older software it used. However, I was able to finally get to the files through an older PC and restoring them after backing up the encrypted ransomware files on the newer WD for the very reason you stated.

Topic		Replies	Views
Searching for Strategy for Ransomware Recovery Portable SSD	3	450	June 25, 2019
Zepto virus infection External SSD for Windows	4	1459	July 21, 2016
Backup files that are virus infected WD Software	2	1121	January 30, 2016
Data recovery after WD Security utility erase Portable SSD	2	1328	December 9, 2016
Ransomware protection Portable SSD	1	1099	July 28, 2016

Legal \| Terms of Use \| Privacy Statement \| Forum Terms of Service
© Western Digital Corporation or its affiliates. All rights reserved. Western Digital Technologies, Inc. is the seller of record and licensee in the Americas of SanDisk® products.

HELP: Restoring after a Ransomware Attack

Related topics