0

I caught a hacker red-handed on my computer but I panicked and switched it off and turned off my entire network.

Now, with my internet disconnected, I turned my computer back on, only to find that every file in every drive of my computer had been affected and now everything is a .fair file, with the exception of a readme-warning.txt file existing in every directory, which I didn't open and will not open.

I've run a complete Windows Defender checkup and it found nothing malicious.

I can just format my computer with my bootable USB drive, but if I could salvage my files it would just be amazing.

It's important to note that I can use everything in my computer. I think the hacker didn't have time to complete his hacking, but I don't know for sure how long he was working with my computer.

  • 1
    You might be lucky and the decryption key is already known, but that requires you to NOT remove the malware until after you decrypt the files. **There wasn’t a “hacker”; you downloaded malware accidentally and it encrypted your files.** Even if you had a restore point, one of the things that almost always happens is the removal of the restore points by the malware. – Ramhound Jan 19 '21 at 23:09
  • How do I find said decryption key? – pauLo_0liveira Jan 19 '21 at 23:12
  • 1
    Typically you don’t without paying the ransom, which you should obviously avoid doing, since there isn’t any guarantee the files will actually be decrypted. You're dealing with a criminal organization that is stealing hundreds of millions of dollars. You restore from an offline backup. – Ramhound Jan 19 '21 at 23:15
  • Does this answer your question? [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](https://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – Tetsujin Jan 20 '21 at 08:26

1 Answer

2

Files encrypted by ransomware must be restored from your backups. Generally, files encrypted by any new ransomware cannot be unencrypted. It is always considered inadvisable to pay ransom.

Then, back up what you can on a separate USB drive.

Once done, format and reinstall Windows. Restore Points cannot help here.

Be very careful what you restore. It is best, if you can, to test files on a spare computer before restoring them to your main computer.

John
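The following Python script is an added example, not part of the original answer or written by its author. It inventories a drive in the state the question describes before anything is copied to the USB drive: it separates `.fair` files and `readme-warning.txt` notes from files that kept their original names, holds back executable and script types, and hashes the rest so the copies can be verified on a spare computer. The `RISKY_EXT` list, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

ENCRYPTED_EXT = ".fair"            # extension reported in the question
NOTE_NAME = "readme-warning.txt"   # ransom note name reported in the question
# Assumption: file types that can carry or launch code are held back from any restore.
RISKY_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk"}

def sha256_of(path):
    # Hash in 1 MiB chunks so large files do not have to fit in memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root):
    """Classify files by name only (nothing is executed); hash the backup candidates."""
    report = {"encrypted": [], "notes": [], "risky": [], "backup": {}}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)          # ransom note, never opened
            elif lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)      # renamed by the ransomware
            elif os.path.splitext(lower)[1] in RISKY_EXT:
                report["risky"].append(path)          # not copied to the backup
            else:
                report["backup"][path] = sha256_of(path)  # manifest entry
    return report

def demo():
    """Run triage over a constructed sample tree mimicking the question's symptoms."""
    layout = {
        "Documents": ["thesis.docx.fair", "budget.xlsx.fair", "readme-warning.txt"],
        "Pictures": ["trip.jpg.fair", "cat.png", "readme-warning.txt"],
        "Downloads": ["setup.exe", "song.mp3"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                with open(os.path.join(root, folder, name), "wb") as fh:
                    fh.write(b"constructed sample")
        rep = triage(root)
        names = {k: sorted(os.path.basename(p) for p in v) for k, v in rep.items()}
        return names, set(rep["backup"].values())
```

On a real machine, `triage()` would be pointed at the affected drive from a clean boot environment, and the `backup` manifest re-checked with the same hash function after copying.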
  • Every file has been encrypted. I have never done restore points on my computer, so I don't have a backup point to go to. I heard that Windows creates restore points after every update, but when I checked in `control panel > recovery` I didn't have any restore points, so maybe the hacker deleted them? – pauLo_0liveira Jan 19 '21 at 23:10
  • Restore Points are essentially not of any value after files have been encrypted. Restore Points cannot unencrypt. – John Jan 19 '21 at 23:13
  • 1
    Restore points are one of the first things that are deleted by ransomware, for obvious reasons, it would defeat the ransom – Ramhound Jan 19 '21 at 23:16
  • 1
    Making a *complete disk image*, stored offline, is an effective strategy for dealing with malware such as ransomware. Too late now to help, but remember to do so *after you are certain there is no malware on the system*. – DrMoishe Pippik Jan 20 '21 at 01:13
  • I don't remember the name, but there is software to decrypt some malware, either due to design flaws or because someone figured out the keys or a way to get the keys. It may or may not work, but it's worth a try. Have to google for it. – cybernard Jan 20 '21 at 15:50