Data recovery FAQ: answers to your questions
Find answers from our specialists to the most frequently asked questions about data recovery: hard drive failures, SSD, RAID, USB drives, pricing, turnaround times and process. SOS Data Recovery (Tesweb SA), Swiss specialist since 2006 with over 10,000 cases handled, answers your questions.
Why consult our data recovery FAQ?
Our technicians answer the most frequently asked questions about hard drive, SSD, RAID, NAS, USB drive and memory card failures. Each answer is based on over 10,000 cases handled since 2006 and regularly updated. If you cannot find the answer to your question, contact us — free diagnosis within 3 hours.
How to tell if my backups have also been encrypted by ransomware?
Modern ransomware primarily targets backups to maximize pressure on victims. Here's how to identify if your backups are compromised:
- Network backups (NAS, backup server): check the file extension — an unknown or added extension (.locked, .encrypted, etc.) indicates an infection. Also, check the metadata (recent and unusual modification date).
- Synchronized cloud backups: if the synchronization client (OneDrive, Dropbox, etc.) was active during the attack, the encrypted files have probably replaced the originals. Check the version history before restoring.
- Offline backups (disconnected external drive, LTO tape): if they were not connected to the network during the attack, they are generally intact.
The 3-2-1 rule (3 copies, 2 different media, 1 offsite) with at least one air-gapped copy is the most effective protection against ransomware.