Data Recovery by Solution

Data Recovery from Ransomware Attack

According to Cybersecurity Ventures predictions, a new business was victim to ransomware every 11 seconds back in 2021 and will continue to rise the next years and reach every two seconds by 2031. When time is of the essence and next steps are uncertain, organisations should consult with the experienced professionals at Ontrack to determine their best course of action.

Ontrack delivers world-class data recovery for all types of storage including: hard drives, solid-state drives (SSD), servers, NAS, SAN, virtual machines, cloud, mobile devices and tape.


If your organisation might be affected by ransomware:

  • Contain the attack by disconnecting infected machines from the network.
  • Contact us as early as possible. Our team will provide a free consultation and advise on options for data recovery and how to prevent further potential data loss.
  • Avoid do-it-yourself attempts to decrypt the affected data. Doing so could make future recovery attempts impossible.

What to Do When You’re Under a Ransomware Attack

If you find yourself infected by ransomware, you need first to find out what kind of ransomware it is before moving forward.

If you can’t get past a ransomware note on your screen, you probably have been infected by screen-locking ransomware. If you can browse through your apps but can’t open your files, movies etc., you have been hit with encrypting ransomware – the worst scenario of the two. If you can navigate your system and read all your files, then you have probably hit with a fake version of ransomware that is just trying to scare you into paying. Even with the best precautions and policies in place, you may still suffer from an attack. In the event your data is held hostage by Ransomware, we recommend the following:


Remain calm. Rash decisions could cause further data loss

For example, if you discover an infection and suddenly cut power to a server, versus powering it down properly, you could lose data in addition to the infected data.


Never pay the ransom because attackers may not unlock your data

There are many cases of victims paying the ransom demanded and not receiving their data back in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to data by reverse-engineering the malware.


Check your most-recent set of backups

If they are in-tact and up-to-date, the data recovery becomes easier to restore them to a different system.


Contact an expert to explore recovery options

An expert data recovery specialist will examine your scenario to see if they have a solution already in place; if not, they should be able to develop one in time.

Why Ontrack Data Recovery

Gray-Hard Drive 3 Any Time

Multiple Service Offerings

Ontrack offer's flexible service offerings to meet your unique needs and budgetary considerations. Our experts are on standby 24/7/365.

Gray-Complete Transparency

Complete Transparency

We want you to have control over your data recovery process. You'll know exactly what can be recovered before paying.

Gray-Raid 14 unrivaled Global

Unrivaled Global Expertise

Backed by the world’s largest R&D team, we have the knowledge and ability to address your unique data recovery needs.

Ransomware Data Recovery Services

Ontrack has developed a specialised collection of proprietary tools to recover data from ransomware-encrypted systems, virtual machines, backup files, tapes and other storage media. With labs located around the world, help is available 24/7 from our knowledgeable team with vast experience in all types of data loss situations.

Gray-1 Decryption


  • 130+ Decrypters
  • Specialised collection of proprietary tools developed to recover data encrypted by ransomware
File Recovery

File Recovery

  • Virtual Disk Repair
  • Database Repair
  • Backup File Repair
Gray-3 Volume Recovery

Volume Recovery

  • All type supported (SAN, NAS, Server)
  • Deleted File Recovery
  • Copy On Write File Systems (NetApp WAFL, ZFS, etc.)
Gray-4 Backup Recovery

Backup Recovery

  • Full Tape Support (LTO, DLT, etc.)
  • Veeam Specific Tools (deleted and encrypted files)
  • VAll Backup Formats (Commvault, TSM, Networker, etc.)

What Our Customers Say About Our Data Recovery Services

TrustScore /5

Displaying 4-5 Reviews


4-Step Data Recovery Process

We ensure that our process is transparent, quick and safe. You’ll be informed every step of the way for complete peace of mind.

English 1 chatIcon


Contact us 24/7 worldwide to obtain a free data recovery consultation and written price quote.

English 2 Free Evaluation

Free Evaluation

The entire evaluation process is transparent with no hidden costs. Once we receive your device, our engineers recommend the best solution, send a fixed price quote and an overview of service levels and delivery schedules.

English 3 chatIcon

Data Recovery

With your approval, we recover your data based on your chosen service level. Through our secure portal you can track the status of your recovery and view a list of recoverable files.

This is the number 4 Box

Data Return

Once your data has been recovered, we’ll send it back to you on an encrypted external device via next day delivery.

Gray-9 Trends 1

The number of attacks is down, but the severity, size and payments for each attack are up​.

Gray-1 Decryption

Only 50% of the victims that pay the ransom are able to decrypt all of their critical files.

Gray-11 Trends 3

Attacks are targeting file shares, critical infrastructure and backups including cloud​.

Gray-7 Recover

Cyber Insurance is paying a significant number of claims including data recovery.

Top Ransomware Threats to Your Organisation

Top Ransomware Threats to Your Organisation in 2021

  • Maze
  • REvil
  • Tycoon
  • TrickBot
  • Qakbot trojan
  • PonyFinal
  • Mailto (aka Netwalker Ransomware)
  • Ragnar Locker
  • Zeppelin
  • TFlower
  • MegaCortex
  • ProLock
  • DoppelPaymer
  • Thanos

If you find yourself under attack from ransomware, contact the experts at Ontrack to help you gain access to your data.

Ransomware Webinar

This webinar, co-hosted with NetApp, details how to mitigate the risk of a ransomware attack, why and when to involve a data recovery company, and how Ontrack can help.

This 45-minute webinar covers:

  • The history and evolution of ransomware
  • The scale of the current ransomware threat - including the results of a recent Ontrack investigation
  • Success stories of data recovery following a ransomware attack
  • Find out how NetApp can help prevent ransomware attacks
  • How to recover data from point of infection from a snapshot
  • Scenarios that lead to successful recovery
  • Levels of effort and difficulty depending on the ransomware

How Fast Do You Need Your Data Back?

Our team of trusted experts are on standby to help. We offer flexible service offerings to meet your unique needs and budgetary considerations.



10 business days



Average of 3 business days



Average of 12-24 hours

Frequently Asked Questions

How are ransomware attacks performed?

The extension hardly distinguishes itself from the other malicious programs: for example, manipulated websites, a link from a spam email or an existing message about a social network and embedding them in a system. In many cases, the perpetrators send emails that contain a suspected delivery note or collection debt. In truth, the attached file does not contain any relevant information, except the damage code.

How does ransomware spread, and do you get infected by ransomware?

Spear-PhishingThe most common delivery system for ransomware is a phishing email that includes an attachment or a link. When the user opens the attachment or clicks the link, the ransomware runs a program that locks the system, and displays a demand for payment. When this happens, the only way to decrypt the data is through a mathematical key only known by the attacker.There have also been cases where malware will display a message claiming that the user's 'Windows' is locked. The user is then encouraged to call a "Microsoft" phone number and enter a six-digit code to reactivate the system. The message alleges that the phone call is free, but this isn't true. While on the phone calling the fake 'Microsoft', the user racks up long-distance call charges.Remote access points McAfee researchers observed while cybercriminals are still using spear-phishing tactics, an increasing number of attacks are gaining access to a company that has open and exposed remote access points, such as RDP and virtual network computing (VNC). RDP credentials can be brute-forced, obtained from password leaks, or simply purchased in underground markets. Where past ransomware criminals would set up a command and control environment for the ransomware and decryption keys, most criminals now approach victims with ransom notes that include an anonymous email service address, allowing bad actors to remain better hidden

How does ransomware work?

Ransomware is malware that blocks the operating system or entire server or encrypts existing data. The perpetrators are squeezing their victims by making clear that the data has only been released and made available after a ransom payment.

How much does ransomware cost an organization?

Figures from Datto show that ransomware costs businesses on average, $75 billion a year; this includes the ransom itself, subsequent recovery efforts, organizational and IT initiatives to protect the organization from further attacks, as well as downtime, forensic investigation, training costs, restoration, and loss of revenue/productivity. More conservative estimates by Cybersecurity Ventures places ransomware damage at more than $11.5 billion in 2019, which is a startling rise from a modest $325 million four years ago. Whether the figure is $75 billion or $11.5 billion, the devastation is very real to those experiencing ransomware. In May of 2019, for example, the City of Baltimore was shut out of government systems for over a month. Vital systems for vaccine production, ATMs, airports, and hospitals were all impacted. Although the ransomware demand was $76,000, the recovery price tag amounted to nearly $20 million.

Our virtual machine is infected with ransomware. Can Ontrack help?

Ontrack has invested in the continued development of proprietary software to recover data from ransomware-infected storage systems, virtual machines, backup files, tapes, and other storage media.Ransomware incidents vary on the type of payload, and data recovery can be complex. Ontrack provides the best possible solutions for data recovery success.

Experiences that matter

Ontrack has extensive experience with all types of data loss scenarios. Our goal is to provide our customers with peace of mind in the event of data loss due to hardware failure, human error, natural disasters or cyberattacks.



In the business



Customers and growing



Of recovered data


Of data files recovered over the last twenty years... and more and more every day!

Start your data recovery now with a free consultation.

Contact our team of experts.

KLDiscovery Ontrack Limited, Nexus, 25 Farringdon Street, London, EC4A 4AB, United Kingdom (see all locations)