Recovery of Ransomware files

We can recover files encrypted by most ransomware extensions on any storage device

Recover Ransomware

Recovery of files encrypted by ransomware is possible through our solutions.

Recovering files encrypted by ransomware has been a major challenge for specialist data recovery companies around the world, because the encryption algorithms are increasingly complex and difficult to crack.

According to a report from Kaspersky, a digital security company, ransomware attacks targeting enterprises increased from January to October 2022 compared with the same period the previous year, up from 0.016% in 2021 to 0.026% in 2022. This corresponds to 21,400 attacks in the period. Note that these are only the attacks planned and tailored to hit specific companies.

These attacks are a minority. Targeted attacks are usually carried out by large ransomware groups against large corporations, a tactic known as “big-game hunting”.

The vast majority of ransomware attacks are carried out without a specific target, as the research makes clear, which makes any company in the world a potential target to be hacked and encrypted by ransomware.

Despite the great difficulty of recovering from ransomware, a few companies in the world have managed to develop technologies that can recover encrypted files. Among them is Digital Recovery, which has accumulated significant numbers in recovering files encrypted by ransomware.

Why Digital Recovery?

Digital Recovery is a company specialising in ransomware recovery. We have a specialised division that can work 24x7x365, dedicated to handling complex cases of ransomware attacks.

We have a specialized technical staff with good results in the recovery of databases, virtual machines, servers, storage (NAS, DAS, SAN), RAID systems, among others.

We have developed software and hardware technologies that enable us to act with precision and agility in advanced diagnostic processes and data recovery. The creation of these technologies – many of them proprietary and exclusive – has kept Digital Recovery at the forefront. One of our technologies, called Tracer, is capable of generating differentiated results in the recovery of files encrypted by ransomware.

Our solutions can be applied remotely anywhere in the world; check with our experts for possibilities.

If you require, we can also provide a Non-Disclosure Agreement (NDA) in a language of your choice. All our solutions have been developed on the basis of the General Law on Data Protection (GDPR), so that we can guarantee our customers full security.

Contact us and let us start the process to recover ransomware right now.

Calm down, your data can be retrieved

Digital Recovery

We will run an advanced diagnosis

Get the quote for your project

We kick off the data reconstruction

Get your data back


Answers from our experts

What are the main types of ransomware?

With hundreds of ransomware variants in circulation and new, even more advanced versions emerging every day, we can classify ransomware into the following types:

  • Crypto: encrypts the files, preventing them from being used. Although the files are encrypted, the user can still boot the operating system and see the encrypted files.
  • Locker: encrypts the device, preventing access to it. In other words, the user will have access to absolutely nothing else, as not even the operating system of the device can be loaded.
  • Doxware: a type of ransomware even worse than the first two. In addition to demanding the ransom, the attackers threaten to publish your photos, confidential files and banking data on the internet. This can be devastating for businesses and individuals, especially when you don’t have the money to pay the ransom.
  • Scareware: a type of ransomware that is considered less harmful, but is designed to be a gateway to more powerful ransomware. When it infects a computer, it slows the machine down and forges a message that appears to come from the antivirus, asking the user to install a program to delete the virus. This new program is the ransomware.
  • Jackware: the most dangerous type of ransomware. It is also called Ransomware of Things (RoT). It targets systems that control cars, hospital equipment, nuclear reactors and a host of other types of equipment that have some connection to the internet. An attack like this, in addition to causing great damage, can also lead to the death of many people.

What happens if I don't pay the ransom?

Usually hackers leave threatening messages on affected machines. However, if the information is not important or if you have a backup, nothing further will happen once you format the computer and take precautions not to get infected again. There is a new type of attack where hackers steal your information and, if you do not agree to pay the ransom, threaten to share it on the internet.

If I pay the ransom is it certain that I will receive the decryption key?

No, there is no guarantee that the decryption key will be released even after payment, and there are no higher authorities to turn to in such a case. Therefore, it is recommended that payment is not made. In case of ransomware encryption, always inform the authorities and contact Digital Recovery to start the process to recover ransomware as soon as possible.

How does a Ransomware attack take place? What are the steps taken until the attack is completed?

Just as in a grand theft there is a high level of planning, so too in a cyber attack.

For a burglar to break into a house, someone has to open the door or he has to find a way to bypass the security systems. In the same way, a hacker will try to get an accomplice inside your computer to open the door for him. These accomplices can be dubious programs downloaded from the Internet or sent by email. If he is not able to get these “accomplices” inside, the job will be much harder.

Once the program is installed on the user’s machine, it is responsible for opening the door and informing the hacker that there is a machine available for invasion. Once this is done, the data encryption process begins.

After attacking the machine, the ransomware can easily spread to other machines on the network, with servers as the main target. If servers are hacked, the entire company will be affected.

Latest insights from our experts

AtomSilo Ransomware

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


What you need to know

The best thing to do to guard against ransomware attacks is to hire a consulting firm with professionals who specialise in IT security. If that is not possible in your case, simple tips can help. Here are some of them:

  • Install a good anti-virus package
  • Manage your passwords properly
  • Do not install or download programs from unknown sources
  • Be very careful when opening suspicious e-mails

If you do this, it will already help a lot in prevention.

I believe that it is not possible to explain this subject with a simple answer. But we will put just a few topics on the subject below. The best option is to hire a consulting firm or a professional specializing in the area of cyber security.

  • Organisation – A good way to start prevention is to organise and document your networks, computers and systems. Good documentation of the IT estate can help a lot in the prevention process. Be aware of what software is allowed and used. Create rules so that common users cannot install any program on computers. Know which computers, laptops and mobile phones have access to the physical network and Wi-Fi of your home or business.
  • Strong passwords – Do not use the same passwords for everything. Avoid dates of birth and birthdays. If possible, install a password manager that will always suggest and store passwords that are very hard to guess.
  • Security Solutions – A good security solution includes in its package a good antivirus and a series of other tools for reporting, preventing and neutralising cyber-attacks. The value of a safe, as well as the time and security apparatus invested to protect it, is directly linked to the items you intend to keep inside it. If you have very valuable data on your computers, make an equivalent investment to protect your information.
  • Efficient backup policies – Have a good backup policy. Regrettably, we have had cases where a client attacked by ransomware was quite reassured because their backups were properly up to date, but when the backup files were restored it was discovered that they had also been encrypted by the ransomware. Also remember that a backup is always a second copy of the same information. Copying the information to an external disk and then deleting it from the computer's hard drive does not make it a backup. Nowadays there are very safe ways of performing backups. Data centre redundant backup policies are the best.
  • Be careful with email – A lot of bad stuff can get into computers through email. Establish policies so that the email accounts used in the company are only for professional purposes. You can also configure security applications so that links and files attached to emails cannot be downloaded, opened or accessed.
  • Beware of software cracking programs – Software cracking programs always come from dubious sources. But what are they, and what is their purpose? Imagine you download the demo version of a particular program. After a few days of use the program stops working because the demo period has expired. The way to continue using the program is to buy a legal copy of it. But there are usually sites on the internet that offer “free” software that will crack your program to make it work as if you had bought the original version. Be very careful with these programs. It is hard to believe that someone would create such a program and not want anything in return. If this program opens a virtual door in your computer to be used 6 months later, you will never suspect that the attack came from a Trojan horse that entered your computer six months ago.

Yes. Holidays and weekends are the preferred days for cyber attacks. The reason is that on holidays and weekends there are far fewer people actively working on computer network security.

  • Shut down your computer immediately.
    • A ransomware attack can take anywhere from a few minutes to a few hours. Depending on the amount of data a user or server has, it can take a long time to encrypt the data. If you notice that something is wrong and the symptoms are those of a ransomware attack, shut down the computer immediately, as the attack may still be at the beginning and by doing so you prevent further information from being encrypted.
  • Disconnect the machine from the network.
    • This stops the attack from spreading to other computers if you are connected to a company network or home network.
  • Remove the hard drive from the machine and install it on another machine as a secondary hard drive.
    • To be safe, the machine that receives the infected hard drive must be isolated from the network, without internet access, without any information that could also end up encrypted, and with an up-to-date anti-virus that includes an up-to-date ransomware-specific package.
    • If you do not have experience, call a technician to perform these procedures.
  • Scan the hard drive that suffered the ransomware attack to remove the malware, ransomware and other possible threats currently active on the disk.
  • After the ransomware is removed, perform an analysis to see if your data was actually encrypted.
  • Normally they use RSA [Rivest-Shamir-Adleman]-2048 and AES [Advanced Encryption Standard] with 256 bits.
  • In first place, with 29% of the attacks, the invasion happens because of the download of an infected file or by clicking on a malicious link. In second place, with 21% of the cases, is the attack via RDP [Remote Desktop Protocol], which is a means of access to provide remote access to Windows machines.
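
For the step above about analysing whether your data was actually encrypted, one way to triage the removed drive is sketched below. This is an added example, not Digital Recovery's tooling: it checks known file signatures and falls back to byte entropy for other extensions. The signature table, the 7.5 bits-per-byte threshold, the `.locked` extension and the sample files are all constructed assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading signature bytes of a healthy file, per extension (small illustrative subset).
MAGIC = {".pdf": [b"%PDF"], ".png": [b"\x89PNG\r\n\x1a\n"], ".jpg": [b"\xff\xd8\xff"],
         ".zip": [b"PK\x03\x04"], ".docx": [b"PK\x03\x04"]}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample: int = 65536, threshold: float = 7.5) -> str:
    """Return 'intact', 'suspect' or 'unknown' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is not None:
        # Known type: an overwritten header means the content is no longer that format.
        return "intact" if any(head.startswith(s) for s in sigs) else "suspect"
    # Unlisted or appended extension: fall back to the entropy of the first bytes.
    return "suspect" if shannon_entropy(head) >= threshold else "unknown"

def scan(root: str) -> dict:
    """Walk a mounted volume and group file paths by verdict."""
    report = {"intact": [], "suspect": [], "unknown": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                report[classify(path)].append(path)
            except OSError:
                report["unknown"].append(path)  # unreadable: review manually
    return report

if __name__ == "__main__":
    # Constructed sample data: SHA-256 output stands in for ciphertext.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.pdf": b"%PDF-1.7\n" + b"text " * 200, "invoice.pdf": noise,
                   "notes.txt.locked": noise, "readme.txt": b"plain text " * 500}
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        for verdict, paths in scan(root).items():
            print(verdict, sorted(os.path.basename(p) for p in paths))
```

Run it against the secondary drive mounted read-only on the isolated machine. Compressed formats that are not in the signature table (video, archives) also have high entropy, so extend `MAGIC` before trusting a "suspect" verdict on them.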