Recovery of Ransomware files

We can recover files encrypted by most ransomware extensions on any storage device

Agent ransomware attack












Recover Ransomware

Recovery of files encrypted by ransomware is possible with our solutions.

Recovering ransomware has been a major challenge for specialized data recovery companies around the world due to increasingly complex and difficult to crack encryption algorithms.

According to a report by Kaspersky, a digital security company, there was an increase in the number of ransomware attacks targeting the enterprise from January to October 2022 compared to the same period last year, the rise was from 0.016% in 2021 to 0.026% in 2022. This corresponds to 21,400 attacks in the period. Remember that these are only attacks that are planned and tailored to target specific companies. 

These attacks are a minority, usually targeted attacks by large ransomware groups targeting large corporations, this tactic is known as “big-game hunting”.

The vast majority of ransomware attacks are done without a specific target, as is obvious from the research, this puts any company in the world as a potential target to be hacked and encrypted by ransomware.

Despite the great difficulty in recovering ransomware, there are a few companies in the world that have managed to develop technologies that can recover encrypted files, among these companies is Digital Recovery, which has accumulated expressive numbers in recovering files encrypted by ransomware.

Why Digital Recovery?

Digital Recovery is a company that specializes in ransomware recovery. We have a specialized division that can work in 24x7x365 mode dedicated to handle complex cases of ransomware attacks.

We have a specialized technical staff with good results in the recovery of databases, virtual machines, servers, storage (NAS, DAS, SAN), RAID systems, among others.

We have developed software and hardware technologies that enable us to act with precision and agility in advanced diagnostic and data recovery processes. The creation of these technologies – many of them exclusive and proprietary – has kept Digital Recovery at the forefront. One of our technologies, called Tracer, is capable of generating differentiated results in the recovery of files encrypted by ransomware.

Our solutions can be applied remotely anywhere in the world, check with our specialists for possibilities.

If you require, we can also provide a Non-Disclosure Agreement (NDA) in a language of your choice. All our solutions have been developed in compliance with the Brazilian General Law on Data Protection (GDPR).

Contact us and let us start the process to recover ransomware right now.

Calm down, your data can be retrieved

Digital Recovery

We will run an
advanced diagnosis

Get the quote for your project

We kick off the data reconstruction

Get your data back

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Customer experiences

Success Cases

What our customers say about us

Companies that trust our solutions

Answers from our experts

What are the main types of ransomware?

With hundreds of ransomwares on the market and new, even more advanced versions emerging every day, we can classify ransomware into the following types:

  • Crypto: encrypts the files preventing them from being used. Although the files are encrypted, it is possible for the user to boot up the operating system and see the encrypted files.
  • Locker: Encrypts the device and prevents access to it. In other words, the user will have access to absolutely nothing else, since not even the operating system of the device can be loaded.
  • Doxware: is an even worse type of ransomware than the first two. In addition to demanding a ransom, they threaten to publish your photos, confidential files, and banking data on the Internet. This can be devastating for businesses and individuals, especially when you don’t have the money to pay the ransom.
  • Scareware: This is a type of ransomware that is considered less harmful, but it is designed to be a gateway to more powerful ransomware. When this ransomware infects a computer it slows it down and forges a message as antivirus asking to install a program to delete the virus, this new program is ransomware.
  • Jackware: is the most dangerous type of ransomware. It is also called Thing Ransomware (RoT). It targets attacks on systems that control cars, hospital equipment, nuclear reactors, and a host of other types of equipment that have some connection to the Internet. An attack like this can cause great damage and even death for many people.

What happens if I don't pay the redemption?

Usually hackers leave threatening messages on affected machines. But if the information is not important or if you have a backup, by formatting the computer and taking precautions not to get infected again nothing will happen. There is a new type of attack where hackers steal your information and if you do not agree to pay the ransom they threaten to share your information on the Internet.

If I pay the ransom is it certain that I will receive the decryption key?

No, there is no guarantee that the decryption key will even be released after payment, there are no higher authorities to turn to in such a case. Therefore, it is recommended that payment not be made, in case of ransomware encryption, always inform the authorities and contact Digital Recovery to start the process to recover ransomware as soon as possible.

How does a Ransomware attack take place? What steps do you go through before the attack is completed?

Just as in a grand theft there is a high level of planning, so too in a cyber attack.

For a burglar to break into a house, someone has to open the door or he has to find a way to bypass the security systems. In the same way a hacker will try to get a partner inside your computer to open the door for him to enter. These accomplices can be dubious programs downloaded from the Internet or sent by e-mail. If he is not able to infiltrate these “accomplices” the job will be much harder.

Once the program is installed on the user’s machine, the user is responsible for opening the door and letting the hacker know that he has a machine available for hacking. Once this is done, the process of encrypting the data is started.

After attacking the machine the ransomware can easily spread to infect machines on the network with servers as the main target. If the servers are hacked the entire company will be affected.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


What you need to know

The best thing to do to guard against ransomware attacks is to hire a consulting company with professionals who specialize in the field of IT security. But if this is not your case, simple tips can help. Here are some of them:

  • Install a good anti-virus package
  • Manage your passwords properly
  • Do not install or download programs from unknown sources
  • Be very careful when opening suspicious e-mails

If you do this, it will already help a lot in prevention.

I don’t think it is possible to explain this subject with a simple answer. But let’s just cover a few topics on the subject below. The best option is to hire a consulting company or a professional that specializes in the area of cyber security.

  • Organization – A good way to start prevention is to organize and document networks, computers, and systems. Having a good documentation of the IT park can help a lot in the prevention process. Be aware of what software is allowed and used. Create rules so that ordinary users do not install any program on the computers. Know who are the computers, laptops and cell phones that have access to the physical network and Wi-Fi in your home or business.
  • Strong passwords – Don’t use the same passwords for everything. Avoid birth dates and birthdays. If possible install a password manager that will always suggest and store a password with a high level of difficulty to crack.
  • Security Solutions – A good security solution includes in its toolkit a good antivirus and a number of other tools with the purpose of reporting, preventing and neutralizing cyber-attacks. The value of a safe, as well as the time and security apparatus invested to protect it, is directly linked to the list of items you intend to keep inside. If you have very valuable data on your computers then make an equivalent investment to protect your information.
  • Effective backup policies – Have a good backup policy. Regrettably we have had cases where a client being attacked by ransomware was quite reassured that their backups were up to date. However, when returning the backup files, it was discovered that they were also encrypted by the ransomware. Also remember that a backup is always a second copy of the same information. Making a copy of the information on an external disk and then deleting the information from the computer’s hard drive does not make it a backup. Nowadays there are very secure ways of performing backups. Data center redundant backup policies are the best.
  • Be careful with email – A lot of bad stuff can get into computers through email. Establish policies so that the e-mails used in the company are only for professional purposes. You can also configure security applications to not allow links and files attached to e-mails to be downloaded, opened, or accessed.
  • Beware of software cracking programs – Software cracking programs are always from dubious sources. But what are they and what is the purpose of these programs? Imagine that you download the demo version of a certain program. But after a few days of use, the program stops working because the demo period has expired. The way to continue using the program is to buy a legal copy of it. But usually there are sites on the Internet that can provide you “free” software that will crack your program to make it work as if you had bought the original version. Be very careful with these programs. You cannot believe that someone would create such a program and not want anything in return. If this program opens a virtual door in your computer to be accessed after 6 months you will never suspect that the attack came from a trojan horse that entered your computer six months ago.

Yes, holidays and weekends are the days of choice for cyber attacks. The reason for this is because on holidays and weekends there are far fewer people active in computer network security.

  • Shut down your computer immediately
    • A ransomware attack can take anywhere from a few minutes to a few hours. Depending on the amount of data a user or server has it can take a long time to encrypt the data. If you notice that something is wrong and the symptoms are of a ransomware attack, shut down the computer immediately, as the attack may still be in the beginning and by doing this you prevent further information from being encrypted.
  • Disconnect the machine from the network.
    • This stops the attack and prevents it from spreading to other computers if you are connected to a company or home network.
  • Remove the hard drive from the machine and install it on another machine as a secondary hard drive.
    • To be safe the machine that receives the infected hard drive needs to be a machine isolated from the network, without internet, without any information that could possibly also be encrypted and with an updated antivirus with an updated ransomware specific package.
    • If you do not have experience, call a technician to perform these procedures.
  • Scan the hard drive that suffered the ransomware attack to remove the malware, ransomware and other possible pests currently active on the disk.
  • After the ransomware has been removed, perform an analysis to see if your data has indeed been encrypted.
  • Usually they use RSA [Rivest-Shamir-Adleman]-2048 e AES [Advanced Encryption Standard] with 256 bits.

In first place, with 29% of the attacks, the invasion happens because of downloading an infected file or clicking on a malicious link. In second place, with 21% of the cases, is the attack via RDP [Remote Desktop Protocol], which is a means of access to provide remote access to Windows machines.