We received a contact from a company that said it had suffered an attack and was unable to continue its activities. When they arrived at their offices after the weekend, they realised that a large part of their data was inaccessible.
This was the situation: More than 10 virtual machines, all hosted on Windows Server that no longer boot due to a malware in the environment, which prevented the company from functioning.
The hacker group Lockbit, having hacked into the environment set a ransom demand of more than 20,000 euros. Ransom that the company refused to pay.
After this, the search for a company capable of recovering their data was initiated, with many fears about the possibility of recovery without the payment of ransom, they found Digital Recovery. We soon positioned ourselves as the solution to the problem.
Because of the fear with the solutions offered and the possibility of decryption, only one infected VHDX was forwarded, which we totally understand, after all, that’s what we hear out there.
We then performed a diagnosis going forward that resulted in a promising scenario that made decryption feasible. With the authorization of the company and the diagnosis done, we then began the decryption of the data.
Seeing that we were able to deliver what we promised with one VHDX, the client was quick to send the others. We set a deadline for checkpoints during a project, which allowed the client to become increasingly relieved.
It was necessary for the company to restore one of its VHDXs as a virtual disk, to be then booted into a VM. Demand that was successfully met.
Thanks to the skills of our experts, with the help of Tracer, our proprietary technology, 100% of the encrypted data was decrypted. In a few days we were able to prevent a fatal loss of time and money for the company and its customers.
Ransomware attack may not be preventable, but data loss is.