In cases where there is no free decryption tool, restoring from backup is not a viable option and file recovery software does not work, the only other alternative to paying the ransom is to back up/save your encrypted data as is and wait for a possible solution...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.

Law enforcement authorities have had some success arresting cyber-criminals, seizing C2 servers and releasing private RSA decryption keys to the public. In some cases, the cyber-criminals, for whatever reason, choose to release the master keys after a period of time. Some criminals have even released the keys here at Bleeping Computer.

Imaging the drive backs up everything related to the infection, including encrypted files, ransom notes, key data files (if applicable) and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers, so keeping a backup of the original encrypted files and related information is a good practice.