how can I recover my pc without any restore points

Question

I caught a hacker red handed on my computer but I panicked and switched it off and turned off my entire network.

Now with my internet disconnected I turned my computer back up just to find that every file in every drive of my computer had been affacted and now everything is a .fair file, with the exception of a readme-warning.txt file, existing in every directory which I didn't open and will not open.

I've ran an Windows Defender complete check up and it found nothing malicious.

I can just format my computer with my bootable usb drive, but if I could salvage my files would just be amazing.

It's important to note that I can use everything in my computer, I think the hacker didn't have time to complete his hacking, but I don't know for sure how long he was working with my computer.

You might be lucky and the decryption key is already known, but that requires you to NOT remove the malware until after you decrypt the files. There wasn’t a “hacker” you downloaded malware accidentally and it encrypted your files. Even if you had a restore point one of the things that almost always happens is the removal of the restore points by the malware — Ramhound, Jan 19 '21 at 23:09
Typically you don’t without paying the ransom, which you should obviously avoid doing that, since there isn’t any guarantee the files will actually by decrypted. Your deal with a criminal organization that is stealing hundreds of millions of dollars. You restore from a offline backup — Ramhound, Jan 19 '21 at 23:15
Does this answer your question? How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC? — Tetsujin, Jan 20 '21 at 08:26

John · Answer 1 · 2021-01-19T23:43:30.193

2

Files encrypted by ransomware must be restored from your backups . Generally for any new ransomware cannot be unencrypted. It is always considered inadvisable to pay ransom.

Then, back up what you can on a separate USB drive.

Once done, format and reinstall Windows. Restore Points cannot help here.

Be very careful what you restore. Best if you can to test files on a spare computer before restoring to your main computer.

edited Jan 19 '21 at 23:43

answered Jan 19 '21 at 23:05

John

49,923

Every file has been encrypted. I have never done restore points on my computer, so I don't have a backup point to go to, I heard that windows creates restore points after every update, but when I checked in control panel > recovery I didn't have any restore points so maybe the hacker deleted them? – pauLo_0liveira Jan 19 '21 at 23:10
Restore Points are essentially not of any value after files have been encrypted. Restore Points cannot unencrypt. – John Jan 19 '21 at 23:13
1

Restore points are one of the first things that are deleted by ransomware, for obvious reasons, it would defeat the ransom – Ramhound Jan 19 '21 at 23:16
1

Making a complete disk image, stored offline, is an effective strategy for dealing with malware such as ransomware. Too late now to help, but remember to do so after you are certain there is no malware on the system. – DrMoishe Pippik Jan 20 '21 at 01:13
I don't remember the name but there is software to decrypt some malware. Either due to design flaws or someone figured out the keys or a way to get the keys. It may or may not work, but its worth a try. Have to google for it. – cybernard Jan 20 '21 at 15:50

how can I recover my pc without any restore points

1 Answers1