Issue: How to recover files encrypted by Schwerer ransomware?
My computer is infected with Schwerer virus, and I am looking for a repair solution. I need to get all the data stored on my D: partition back. It looks like the virus destroys Volume Shadow Copies too, so I cannot restore my files from them. Sadly, I do not have backup copies of my files either. I look forward to your suggestions.
Schwerer ransomware is a malicious program that encrypts files on every computer it manages to infect. Viruses that behave this way are known as ransomware. Ransomware is typically divided into two types: screen lockers and encryption-based variants. The Schwerer virus belongs to the latter category. It does not change master boot settings or display a lock screen to keep victims away from their files. Instead, the virus encrypts the personal data it finds on the infected computer using the AES encryption algorithm, a military-grade cipher that is virtually impossible to decrypt without a special key.
Unfortunately, this key cannot be obtained easily, since it is in the hands of the extortionists. The criminals offer to sell it for €150, a relatively small sum compared to what most ransomware typically demands for data decryption. Nevertheless, it is not worth recovering your files on the criminals' terms. You can never know whether the hackers will really send you the restore key or simply vanish with the cash.
Besides, security researchers have already come up with a free Schwerer decryptor that you can use to recover your data. Of course, the decryptor will only work for the version of the ransomware it was designed for. So, if the hackers decide to upgrade the virus, you may not be able to recover your files using this tool.
How does Schwerer decryptor work?
The Schwerer decryptor is actually random key generating software designed to supply ransomware victims with restore keys for their personal data. To use the tool, follow these steps:
- Back up your files. Save copies of the encrypted data in case the decryption process fails or files become permanently corrupted. This way, you will be able to carry out the decryption again if needed.
- Download the Schwerer decryptor (Zip file of the restore key generator) and extract it on your computer
- When the program is done extracting, launch it and follow the instructions to randomize your decryption key
- Copy the key into the clipboard
- Open the window containing Schwerer ransom note and paste the code into the “Restore key” box
- Click the “Restore files” button
- Run a system scan with antivirus software to eliminate the malicious virus components from your computer.
How to recover files without decryption software?
Method 1: Decrypt files encrypted by Schwerer using Data Recovery Pro
Data Recovery Pro is specialized software designed to restore corrupted files and encrypted data. The program covers various types of data and can save the restored files into a selected folder on the computer. Here is how to use Data Recovery Pro:
- Obtain the Data Recovery Pro tool from its official website or start the download immediately with this link: http://www.2-spyware.com/download5/data-recovery-pro-setup.exe
- Follow the instructions on the screen to install Data Recovery Setup
- Run the application. It will automatically locate and decrypt files within the range of its abilities.
Method 2: Windows Previous Versions feature will help recover older file versions
Windows Previous Versions does not guarantee a full system recovery, but it can retrieve some of your most important files. Note that System Restore must be enabled for this built-in Windows feature to work. If it was enabled before the Schwerer attack, you may proceed with the following steps:
- Choose the file you want to restore and right-click it
- In the drop-down menu, locate the “Properties” option and go to the “Previous Versions” tab
- The “Folder versions” list will show all the saved copies of your selected file. Select the desired version and hit “Restore.”
Method 3: How should you use ShadowExplorer to recover your files?
It is still unclear whether Schwerer destroys Volume Shadow Copies of the encrypted files. It might be that some of its versions do and some don’t. To find out, try the following steps:
- Go to http://shadowexplorer.com/, download and install Shadow Explorer on your PC
- Run the application and select the disk you want to decrypt from the menu in the top right of the screen.
- A new window will show all the folders contained on the selected disk. Choose the ones you want to restore.
- Click “Export” to start the recovery.
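
A quick way to check whether any Volume Shadow Copies survived before trying Method 2 or Method 3, as an added example that is not part of the original article. It assumes an elevated (Administrator) PowerShell prompt and that the affected data is on D:, as in the question above; the variable names are illustrative.

```powershell
# Added example: list surviving Volume Shadow Copies and map them to drive letters.
# Assumption: the encrypted data is on D: (taken from the question above).
$Drive = 'D:'

# Map volume GUID paths (\\?\Volume{...}\) to drive letters.
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter } |
    ForEach-Object { $volumes[$_.DeviceID] = $_.DriveLetter }

# Win32_ShadowCopy.VolumeName holds the GUID path of the volume the copy was taken from.
$copies = @(Get-CimInstance -ClassName Win32_ShadowCopy |
    ForEach-Object {
        [pscustomobject]@{
            Drive   = $volumes[$_.VolumeName]
            Created = $_.InstallDate
            Id      = $_.ID
            Device  = $_.DeviceObject
        }
    } | Sort-Object Created)

$onDrive = @($copies | Where-Object { $_.Drive -eq $Drive })

if ($copies.Count -eq 0) {
    # Nothing left on any volume: Previous Versions and ShadowExplorer have no source data.
    Write-Output 'No shadow copies exist on this system.'
} elseif ($onDrive.Count -eq 0) {
    Write-Output "Shadow copies exist, but none for $Drive."
    $copies | Format-Table Drive, Created, Id -AutoSize
} else {
    Write-Output "$($onDrive.Count) shadow copies found for ${Drive}:"
    $onDrive | Format-Table Created, Id, Device -AutoSize
}
```

Only copies with a Created date earlier than the infection can contain unencrypted versions of the files.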