Data loss from encryption ransomware is on the rise, and we see more and more cases each day. Some of the most prevalent forms of malware currently infecting users’ computers and causing data loss are variations of trojan horses known as ransomware. Ransomware is a type of malware that prevents the user from accessing their system or data in some form and demands payment to restore access. Malware in the form of trojans can enter a system via a downloaded file, an email attachment, or any other vulnerability that allows access to the system.
Ransomware has existed for quite some time. However, a newer type referred to as encryption ransomware has surfaced more recently. This form of malware restricts the user’s system by encrypting some or all of the files on the internal drive, and sometimes on every drive connected to the system. The malware operators typically leave notes on the system explaining the situation and demanding payment for the decryption key.
Around 2013-2014, the most common variant was CryptoLocker, and since then various clones of the software have surfaced, the most notorious being CryptoWall. The most recent version of this ransomware, CryptoWall 4.0, surfaced in late 2015. This version has been updated to circumvent antivirus updates designed to detect previous versions, and it also encrypts file names to make it harder to determine what has been encrypted.
With this type of malware being continually updated and distributed, it is important to take the proper precautions to minimize potential data loss from encryption ransomware. Data recovery software such as Data Rescue cannot recover encrypted files since the encryption key is not known, and recovery lab services such as The Data Rescue Center will run into similar issues unless the infection is an older version of ransomware for which a solution exists. The safest and most reliable method to avoid data loss from ransomware is to maintain valid, up-to-date backups of your system using backup tools such as Data Backup.
As mentioned earlier, some variants of ransomware will encrypt all drives connected to the system. Knowing this, it is important to have valid backups that are not connected to your system, in addition to connected backups running more frequently. In the unfortunate event that an infection occurs and data loss from encryption ransomware happens, a majority of your data can be restored using these non-connected backups, minimizing the amount of data lost. When dealing with this type of malware, restoring from a clean backup is the easiest, and sometimes the only, solution.