How we saved a power company from extortion by REvil Sodinokibi ransomware

We received a case involving a REvil Sodinokibi ransomware attack. At the time, the group was among the largest and most effective ransomware groups in the world. Its attacks have always targeted large corporations, and this case was no different.

The attack occurred over a weekend, although the ransomware had in fact been on the company’s system for some time. It managed to target 100 virtual machines hosted on a Windows x86 server.

This was a large-scale attack aimed specifically at the company. REvil used an RDP port, which is a port for remote access. The company’s operations were not completely affected, because the main servers were not hit by the attack; the servers that were hit were secondary.

The group demanded a ransom of 2 million reais. The company refused to pay and began searching for an alternative to payment. Among the solutions it found, Digital Recovery stood out from the others for its differentiators and its advanced diagnosis, which could completely map the encrypted data.

Soon after the advanced diagnosis, with the company’s endorsement, we immediately started the recovery. This case was extremely complex: what would normally be done in up to 10 days took 30 days, due to the high volume of encrypted data stored in different virtual machines.

But not even this complexity was able to stop our experts, who worked tirelessly to recover the files with the aid of Tracer, a proprietary technology without which this recovery would have lasted months. After the process, 100% of the encrypted data was recovered.

This is just one of the hundreds of cases we have handled; we have satisfied customers all over the world.



