Files can be lost in many ways. Dealing damage to the disk, unintentional deletion of files, partition table failure – that are the reasons for losing the files in a “peaceful” way. Much more harmful and massive is losing the files because of malware attack – ransomware, for example. Ransomware is a virus that encrypts your data with a key that is known only by its distributors, and then offers you to pay the ransom to get this key and decrypt your files. In this guide, you will see how to recover your files after the ransomware encryption using PhotoRec – free utility with quite a wide functionality.
Nonetheless, ransomware is not a curse for your documents. As a result of some specific features, it utilizes throughout the encryption procedure, and also physical disk properties, you can make use of the revival programs. Malware file encryption process feature is following: it encrypts every file byte-by-byte, after that saves a document copy, removing (and not overwriting!) the original document. Hence, the info concerning file place on the physical disk is eliminated, however, the initial file is not deleted from the physical disk. The cell, or the sector where this document was kept, can still contain this file, however, it is not noted by the file system and can be overwritten by files that has actually been loaded to this disk after the deletion. Thus, it is possible to recover your documents making use of specific programs.
PhotoRec is an open-source program, which is originally developed for files revival from broken disks, or for files recovery in case if they are deleted. Nonetheless, as time has passed, this program got the ability to regain the documents of 400 various extensions. Thus, it can be used for information recovery after the ransomware attack.
How to use PhotoRec?
Primarily, you need to download this application. It is 100% free of cost, but the developer states that there is no guarantee that your documents will be regained. PhotoRec is distributed in a pack with additional utility of the same developer– TestDisk. The downloaded archive will have TestDisk name, however, do not panic. PhotoRec files are right inside.
To open PhotoRec, you need to find and open “qphotorec_win. exe” file. No setup is needed– this program has all the files it need within the archive, thus, you can fit it on your USB drive, and attempt to help your friend/parents/anyone that was been attacked by ransomware.
After the launch, you will see the screen revealing you the complete list of your disk drives. However, this info is likely pointless, since the required list is placed a bit higher. Click this bar, after that pick the disk which was attacked by ransomware.
After selecting the disk, you need to pick the destination folder for the revived documents. This menu is located at the lower part of the PhotoRec window. The best desicion is to export them on USB drive or any other type of removable disk.
After that, you need to define the file formats. This option lies near the bottom, too. As it was mentioned, PhotoRec can restore the documents of about 400 various formats.
At last, you can begin documents revival by pressing the “Search” button. You will see the display where the outcomes of the scan as well as revival are shown.