Ransomware data recovery
Our data and cyber recovery teams are here to help you get back up and running quickly after a cyber attack.
Fast, highly secure remote data recovery.
Customized solutions tailored to your company's specific needs
Priority to data security: French laboratory for over 20 years.
How to deal with a ransomware attack
Faced with the growing threat of ransomware, companies need to rely on multidisciplinary expertise. The combination of data recovery, IT and cybersecurity skills is essential to successfully carry out decryption operations and restore compromised systems.
Step 1: Follow the recommended immediate measures
Switch off all media containing backups, disconnect servers from the Internet.
Check the integrity of backups to restore data
Back up encrypted data on an external disk or NAS (prioritize backups and virtual machines) DO NOT RESET the system: reinstalling servers prevents data recovery. These backups can be used for data recovery and digital forensics.
Keep all evidence of the attack – don’t delete any files, and document early indicators of compromise (IOCs).
Report the crime to the appropriate authorities, police or gendarmerie.
A quick call to one of our data recovery consultants can save a lot of headaches and increase the chances of restoring your data.
Step 2: Choose the services to support you
You can manage this on your own, or you can call on the services of our partners.
Ransomware :
Retrieve your “paralyzed” data and prevent the dissemination of any stolen data!
Extortion level 1: Data encryption
- Data recovery with SOSRansomware. Depending on the type of ransomware, our technicians will take different steps to decrypt it and recover your data. Using known decryptors and public keys speeds up the recovery process.
- Negotiation assistance in the event of unsuccessful data recovery (service provided by one of our partners)
Extortion level 2: Dissemination of stolen data on the Darkweb
- Negotiation assistance to prevent distribution (service provided by one of our partners)
- If no payment: list distributed data
How we recover and restore data encrypted by ransomware
Computer systems are composed of multiple complex layers, making them vulnerable to rapid and sophisticated attacks by cybercriminals.
We use proprietary software to implement four data recovery techniques: decryption, recovery of deleted data, reverse engineering of encryption algorithms and repair of damaged files.
They’ve broken into your system, we find the flaw in their actions.
For security reasons, we voluntarily limit the disclosure of detailed information about our specific tools.
Our process
Files are received in a totally secure way.
We assess the level of damage caused by the ransomware.
We process your files using proprietary technologies.
Validate file integrity with our Diagview tool
How fast do you need your data?
We offer flexible service packages to meet your unique needs and budgetary considerations.
- On-call processing
- 365/24
- Dedicated team
- Average 1 to 3 working days
- within working hours
- 1 dedicated engineer
- Average 3-7 working days
- Within working hours
- 1 shared engineer
- Average 7 to 14 working days
Two main backup recovery modes:
in the lab or remotely
Our 10 Gb/s access allows us to be very responsive and fast during exchanges, in the event of remote retrieval. Security is our top priority: we use the SFTP protocol exclusively for transfers. File integrity is checked on arrival, so you can be sure of 100% identical files.
This type of recovery is becoming increasingly common in our business. The advantage is that there's no need to physically transport the machines or disks, so there are logistical savings and no risk of damage in transit. There are no customs issues to consider... Your server can remain online if services are running on it.
The majority of our rescues still take place in our laboratories. The main advantage: we have more recovery options with physical servers than with downloaded files. Laboratory recovery is indispensable in cases of deletion where data has actually been deleted.
Request a free consultation
Leading experts at your service 24/7/365 If you suspect a data loss or network breach, or are looking for ways to test and improve your cybersecurity, our team can help.
FAQ
Frequently asked questions
In the face of cyberattacks, this FAQ has been designed to give you clear, concise answers to the most frequently asked questions about ransomware and how we can help. From prevention to data recovery after an attack, find out how to react, recover your data and strengthen your digital defense…
Immediately contact our emergency hotline (24/7/365)
- If you suspect a ransomware attack, contact the emergency experts immediately at the following numbers: +336 08 68 94 98 or +331 84 604 112
- The on-call team will respond as quickly as possible, usually within 2 hours.
- Discuss priority needs and affected technologies.
Reception, Cloning and Diagnostics
- The team will immediately start cloning the affected disks using a secure procedure.
- A rapid analysis will be carried out to determine the extent of the damage.
- The team will provide an estimate of the chances of successful recovery.
Data Recovery
- Affected files will be extracted from servers or NAS systems.
- A complete list of recovered files will be compiled.
- The customer will validate the recovered files.
- The recovered data will be securely returned to the customer.
It's essential to act quickly in the event of a ransomware attack to maximize the chances of successful recovery.
Our offer is based on several criteria:
Capacity: volume of data to be processed (capacity of storage media, number of files, etc.).
Technologies: file system, operating system, virtualization system, backup software...
Reactivity: two levels of service (on-call or emergency)
Our cost is generally between two and ten times less than the ransom cost.
Network isolation: As soon as a computer appears infected, immediately disconnect it from the network and any external storage to prevent the ransomware from spreading.
Identifying the infection: Use tools like ID Ransomware or No More Ransom to determine the type of ransomware and understand how it spreads.
Caution when intervening: Avoid any hasty action on servers, such as reformatting or using antivirus software, which could compromise data recovery.
Backup management :
- stop automatic backups: this prevents data being overwritten by corrupted files.
- Safe handling of backups: Use only safe, isolated machines to check your backups, and avoid restoring to an infected server.
- Reaction to sabotaged backups: If your backups have been altered in the attack, stop all affected hardware to prevent further damage.
Get help from data recovery experts:
- If your backups are failing, a specialized data recovery lab may be a viable solution. The aim is not necessarily to decrypt infected files, but to find usable data from the various storage sources. Each case of attack is unique and requires an audit of the storage systems.
By following these steps, you'll maximize your chances of effectively managing a ransomware attack and recovering your data.
- Evaluate impacted data: If storage systems are infected, it's crucial to list and evaluate lost data. You need to determine the type of files, the criticality of the data, the services and users most affected, and the storage location.
- Call in a specialized lab: A data recovery lab may be able to recover files from servers or backups attacked by ransomware.
The chances of recovery may vary depending on the nature of the ransomware, the actions taken immediately after the attack, and the expertise of the data recovery lab consulted. Beware, however, that poor prior handling can reduce the average recovery success rate by 28%.
A specialised service from Recoveo
Our other areas of expertise
We have over 20 years’ experience in data recovery. Call on the French leader, our expertise allows us to provide you with a high level response.
Raid system data recovery
Database recovery
Virtual Machine Recovery
Recovery of storage systems
Ransomware
Backup
Files
Remote