Will a Factory Reset Remove Ransomware? The Experts Weigh In (2024)

There is no doubt that the reset option for computing devices has changed has proved a game changer. It’s the chance to start over once again with a clean slate. For enterprises that manage their Windows devices using Microsoft Endpoint Manager (MEM), you can simply reset the device and let MEM reinstall the applications automatically to return the computer to full production mode in no time. Because resetting a device is so easy today, a common question is whether a factory reset will protect it from ransomware.

What a Factory Reset Does

Let’s use Windows as an example. At the very least, a Windows reset is going to reinstall the Windows OS and remove any installed application or driver that wasn’t shipped with the machine. It will return personal settings to their default state and delete all files that don’t reside in a user profile.

These are known as your personal files, and you can choose whether to retain or delete them. Keeping your personal files is known as a “refresh” on Windows 10. If you are resetting your device to recover from a virus, you certainly want to delete everything. Obviously, you will need a backup of any personal file that you want to recover should you enact this nuclear option.

Clean the Enterprise Environment First

If your computing device is part of a network, you want to first neutralize the threat already within your environment before potentially wasting time with a factory reset. It makes sense—recovering a device within a compromised environment will only invite the malware back. In the case of a mobile device, you can disjoin it from the network and restore it within an isolated environment. Once the threat has been eradicated from your enterprise, you can connect it again. You should also disconnect any auxiliary devices such as USB sticks, printers, and so on from the computer, as the malware can reside in them.

‘It Depends’

So, will a factory reset recovery remove viruses or ransomware? Like a lot of things in life, it depends. If a ransomware attack only targeted certain file types, such as Office files, a reset would eradicate those infected files and your machine would recover in a clean state.

If a virus has infected the OS as well, that’s another matter. Should ransomware invade the local recovery partition of your computer and encrypt it, your recovery files are inoperable. You could attempt a recovery from a USB drive, but you risk the virus infecting the USB drive once inserted.

The good news is that Windows introduced the Cloud Download option with version 20H1. Enabling this option means that your new Windows installation files are coming from the Microsoft cloud. Of course, if you have several thousand machines to reset at a single site, this process is going to take awhile.

The Case of Mobile Devices

While we have used Windows 10 as our prime example, the principle is the same whether it’s a Chrome tablet, iOS device, or smartphone. In the case of mobile tablet or phone, performing a factory reset can be quickly expedited so there isn’t a lot to lose to resetting it. You would want to verify that the device is indeed clean before going to any sensitive or secure links or webapps.

A Viable Tool

You shouldn’t depend on factory resets as your only defense against malware. It is, however, a viable tool of last resort that can get you out of a jam, especially for a consumer grade device. In the end, endpoint protection and good cyber hygiene practice will go a long way as far as prevention.