Windows 10: Recover files on Onedrive encrypted by ransomware

Some of my files on Onedrive can't be opened due to being encrypted by ransomware. They've been added .iqll. It may be a kind of Offline Key infection as I've checked them using EmisoftMy Onedrive account is a 365 Education one. Are there any ways to recover/repair those files?

:)

 

Ransomware & OneDrive

When the files in the OneDrive folder on Windows are encrypted, changes would usually be synchronised immediately, therefore rendering everything useless. There are some decryption tools available online, which you can use to recover lost data. There are
different versions depending on what ransomware encrypted the files.

Have a look at these examples from Kaspersky:

Free Ransomware Decryptors - Kaspersky

I hope this helps.

 

Filed encrypted by Tor ransomware

More information is needed to determine specifically what infection you are dealing with since there are many variants of crypto malware (file encrypting ransomware).
RSA-4096 / RSA-2048 / RSA-1024 / AES-256 / AES-128 are
encryption algorithms and not an explicit way of identifying a particular ransomware infection.

Are there any obvious file extensions appended to or with your encrypted data files (i.e. several random hexadecimal characters, words or email addresses)? If so, is the extension the same for each encrypted file or is it different?

What is the actual name of your ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the
C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named
.html, .txt, .png, .bmp, .url file. Most ransomware will also drop a ransom note in every directory/affected folder where data has been encrypted.

The best way to identify the different ransomwares is the ransom note (including it's name), the malware file itself, any obvious extensions appended to the encrypted files, samples of those encrypted files and information related to the email address used
by the cyber-criminals.

You can submit samples of encrypted files and ransom notes to ID Ransomware for
assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further
assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

After gathering that information, please read and follow the instructions below.

• How to Post a Topic Asking for Help With Ransomware

 

How can my files on onedrive get corrupted by a ransomware attack?

US-CERT Alert (TA13-309A) advises some crypto malware variants have the ability to target, find and encrypt files located within
network drives, shared (mapped network paths), USB drives, external hard drives, and even
files stored on cloud services (cloud storage drives) if they have a drive letter. Although cloud backups typically do not use drive letters, many cloud storage services do not save prior file versions so there’s no way to revert to a clean
file version.

OneDrive is Microsoft's
free data hosting cloud service that allows users to sync files and later access them from a web browser or mobile device. I do not use OneDrive, but from what I understand the source data (like

GoogleDrive) resides locally in the OneDrive folder. If that gets encrypted by ransomware, it will get encrypted in the Cloud service as well since it gets automatically synchronized. However, according to Microsoft, OneDrive
has the capability to restore files affected by ransomware by using Version History or restoring from the OneDrive Recycle Bin...see

OneDrive vs. Ransomware which includes links with instructions for recovering OneDrive-based files using Version History and the OneDrive Recycle Bin.

• How to Deal with Ransomware: How can I remediate a ransomware attack?
• Because Ransomware: OneDrive for Business to Get "Files Restore" Option