We can recover files encrypted by most ransomware extensions on any storage device
WORLDWIDE SERVICES
CASES OF LOCKBIT ATTACK
CASES OF BLACK CAT ATTACK
CASES OF HIVE LEAKS ATTACK
CASES OF MALLOX ATTACK
AMOUNT SAVED FOR NOT DEALING WITH HACKERS
Recover Ransomware
Recovering ransomware has been a major challenge for specialist data recovery companies around the world due to increasingly complex and difficult to crack encryption algorithms.
According to a report from Kaspersky, a digital security company, there has been an increase in the number of ransomware attacks targeting the enterprise from January to October 2022 compared to the same period last year, up from 0.016% in 2021 to 0.026% in 2022. This corresponds to 21,400 attacks in the period. Remembering that these are only attacks planned and tailored to hit specific companies.
These attacks are a minority, usually, targeted attacks are made by large ransomware groups targeting large corporations, this tactic is known as “big-game hunting”.
The vast majority of ransomware attacks are done without a specific target, as is obvious from the research, this puts any company in the world as a potential target to be hacked and encrypted by ransomware.
Despite the great difficulty in recovering ransomware, there are few companies in the world that have managed to develop technologies that can recover encrypted files, among these companies is Digital Recovery, which has accumulated expressive numbers in recovering files encrypted by ransomware.
Why Digital Recovery?
Digital Recovery is a company specialising in ransomware recovery. We have a specialized division that can work in 24x7x365 mode dedicated to handle complex cases of ransomware attacks.
We have a specialized technical staff with good results in the recovery of databases, virtual machines, servers, storage (NAS, DAS, SAN), RAID systems, among others.
We have developed software and hardware technologies that enable us to act with precision and agility in advanced diagnostic processes and data recovery. The creation of these technologies – many of them proprietary and exclusive – has kept Digital Recovery at the forefront. One of our technologies, called Tracer, is capable of generating differentiated results in the recovery of files encrypted by ransomware.
Our solutions can be applied remotely anywhere in the world, check with our experts for possibilities.
If you require, we can also provide a Non-Disclosure Agreement (NDA) in a language of your choice. All our solutions have been developed on the basis of the General Law on Data Protection (GDPR), so that we can guarantee our customers full security.
Contact us and let us start the process to recover ransomware right now.
We are
always online
Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.
Customer experiences
What our clients say about us
"We had a serious problem after a power failure of a NAS server in Raid 5. I immediately contacted DIGITAL RECOVERY. After a few days of hard work the problem was solved."
"One of our raid servers had stopped. After several attempts without solving the problem we found DIGITAL RECOVERY and 5 hours later, at 4am, the data was recovered."
"We appointed DIGITAL RECOVERY in a special case (of data loss) in a raid 5 storage. Digital Recovery was able to recover 32 million files so our customer was extremely satisfied.”
"Without a doubt the best data recovery company in Latin America. The contact Digital Recovery will always be saved on my phone, because inevitably I will need again."
"The quality of the service is excellent. The attention given to customer service is gratifying and the feedback we receive reassures us that we can trust the work and dedication."
Customer since 2017
"Great company, they saved me from a big problem! I recommend, fast service, my thanks to the Digital Recovery team for the attention and quick solution to the problem! Show!"
"Second time that I count with the agility and professionalism of the Digital Recovery team, they are very experienced and agile. I recommend to all"
"They helped me recover some data that I had thought was lost. I had a great experience with the team for their calmness, agility and transparency."
Answers from our experts
What are the main types of ransomware?
With hundreds of ransomwares on the market and new, even more advanced versions emerging every day, we can classify ransomware into the following types:
- Crypto: encrypts the files preventing them from being used. Although the files are encrypted, it is possible for the user to boot the operating system and see the encrypted files.
- Locker: encrypts the device preventing access to it. In other words, the user will not have access to absolutely nothing else, as not even the operating system of the device can be loaded.
- Doxware: is a type of ransomware even worse than the first two. In addition to demanding the ransom, they threaten to publish your photos, confidential files and banking data on the internet. This can be devastating for businesses and individuals, especially when you don’t have the money to pay the ransom.
- Scareware: This is a type of ransomware that is considered less harmful, but it is designed to be a gateway to more powerful ransomware. When this ransomware infects a computer it slows it down and forges a message as being from the antivirus asking to install a program to delete the virus, this new program is ransomware.
- Jackware: is the most dangerous type of ransomware. It is also called Thing Ransomware (RoT). It targets attacks on systems that control cars, hospital equipment, nuclear reactors and a host of other types of equipment that have some connection to the internet. An attack like this, in addition to causing great damage, can also lead to the death of many people.
What happens if I don't pay the redemption?
Usually hackers leave threatening messages on affected machines. However if the information is not important or if you have a backup, formatting the computer and taking precautions not to get infected again will not happen. There is a new type of attack where hackers steal your information and if you do not agree to pay the ransom they threaten to share your information on the internet.
If I pay the ransom is it certain that I will receive the decryption key?
No, there is no guarantee that the decryption key will even be released after payment, there are no higher authorities to turn to in such a case. Therefore, it is recommended that payment is not made, in case of ransomware encryption, always inform the authorities and contact Digital Recovery to start the process to recover ransomware as soon as possible.
How does a Ransomware attack take place? What are the steps taken until the attack is completed?
Just as in a grand theft there is a high level of planning, so too in a cyber attack.
For a burglar to break into a house, someone has to open the door or he has to find a way to bypass the security systems. In the same way a hacker will try to get a partner inside your computer to open the door for him to enter. These accomplices can be dubious programs downloaded from the Internet or sent by email. If he is not able to infiltrate these “accomplices” the job will be much harder.
Once the program is installed on the user’s machine, the user is responsible for opening the door and informing the hacker that there is a machine available for invasion. Once this is done, the data encryption process begins.
After attacking the machine the ransomware can easily spread to infect machines on the network with servers as the main target. If servers are hacked the entire company will be affected.
Latest insights from our experts
What is Flash Memory?
Since its invention in the 1980s, Flash memory has revolutionised digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines
Data portability on magnetic tapes
Data portability on magnetic tapes consists of migrating data stored on an old tape to a tape with current technology. Data portability is vital for
What are LTO tapes? Discover the power of long-term storage
LTO tapes, the acronym for Linear Tape-Open, represent a magnetic tape data storage technology developed in the late 1990s as an open format by a
What you need to know
What precautions should I take so as not to be attacked again?
The best thing to do to guard against ransomware attacks is to hire a consulting firm with professionals who specialise in the area of IT security. But if this is not your case, simple tips can help. Here are some of them:
- Install a good anti-virus package
- Manage your passwords properly
- Do not install or download programs from unknown sources
- Be very careful when opening suspicious e-mails
If you do this, it will already help a lot in prevention.
How to prevent a ransomware attack?
I believe that it is not possible to explain this subject with a simple answer. But we will put just a few topics on the subject below. The best option is to hire a consulting firm or a professional specializing in the area of cyber security.
- Organisation – A good way to start prevention is the organisation and documentation of networks, computers and systems. Having a good documentation of the IT park can help a lot in the prevention process. Be aware of what software is allowed and used. Create rules so that common users do not install any program on computers. Know who are the computers, laptops and mobile phones that have access to the physical network and Wi-Fi of your home or business.
- Strong passwords – Do not use the same passwords for everything. Avoid birth and birthday dates. If possible install a password manager that will always suggest and store a password with a high level of difficulty to be discovered.
- Security Solutions – A good security solution includes in its package of tools a good antivirus and a series of other tools with the purpose of denouncing, preventing and neutralising cyber-attacks. The value of a safe, as well as the time and security apparatus invested to protect it is directly linked to the list of items you intend to keep inside it. If you have very valuable data on your computers then make an equivalent investment to protect your information.
- Efficient backup policies – Have a good backup policy. Regrettably we have had cases where the client when attacked by ransomware was quite reassured as their backups were properly up to date. But when returning the backup files it was discovered that they were also encrypted by ransomware. Also remember that a backup is always a second copy of the same information. The fact of making a copy of the information on an external disk and then delete the information from the computer HD does not make it a backup. Nowadays there are very safe ways of performing backups. Data centre redundant backup policies are the best.
- Be careful with email – A lot of bad stuff can get into computers through email. Establish policies so that the emails used in the company are only for professional purposes. You can also configure security applications to not allow links and files attached to emails to be downloaded, opened or accessed.
- Beware of software cracking programs – Software cracking programs are always from dubious sources. But what are they and what is the purpose of these programs? Imagine you download the demo version of a particular program. But after a few days of use the program stops working because the demo period has expired. The way to continue using the program is to buy a legal copy of it. But usually there are sites on the internet that can provide you “free” software that will crack your software to make it work as if you had bought the original version. Be very careful with these programs. It is hard to believe that someone will create such a program and not want anything in return. If this program opens a virtual door in your computer to be accessed after 6 months you will never suspect that the attack came from a Trojan horse that entered your computer six months ago.
Are there any special times or dates when ransomware attacks are most frequent?
Yes. Holidays and weekends are the preferred days for cyber attacks. The reason for this is because on holidays and weekends there are far fewer people active in computer network security.
What should I do when I realise I am suffering from a ransomware attack?
- Shut down your computer immediately
- A ransomware attack can take anywhere from a few minutes to a few hours. Depending on the amount of data a user or server has it can take a long time to encrypt the data. If you notice that something is wrong and the symptoms are of a ransomware attack shut down the computer immediately, as the attack may still be in the beginning and by doing so you prevent further information from being encrypted.
- Disconnect the machine from the network.
- This stops the attack from spreading to other computers if you are connected to a company network or home network.
- Remove the hard drive from the machine and install it on another machine as a secondary hard drive.
- To be safe, the machine that receives the infected hard drive must be isolated from the network, without internet, without any information that could eventually also be encrypted and with an updated anti-virus with an updated ransomware specific package.
- If you do not have experience, call a technician to perform these procedures.
- Scan the hard drive that suffered the ransomware attack to remove the malware, ransomware and other possible pests currently active on the disk.
- After the ransomware is removed, perform an analysis to see if your data was actually encrypted.
What is the most common means of access used by hackers to break into environments?
- In first place, with 29% of the attacks, the invasion happens because of the download of an infected file or by clicking on a malicious link. In second place, with 21% of the cases, is the attack via RDP [Remote Desktop Protocol], which is a means of access to provide remote access to Windows machines.
