Great Britain | English Locations

+44 (0)13 7274 1999 Start Your Recovery
+44 (0)13 7274 1999
+44 (0)13 7274 1999
Start Your Recovery

Data Recovery by Solution

Data Recovery After Ransomware Attack

A ransomware cyber-attack causes tremendous crisis in all parts of an organization. Time is running out and the next steps are uncertain. That's when you want the best data recovery specialist on your team. Save your business!

As globally recognized data recovery specialists, Ontrack have been rescuing data since 1985. Essential Incident Response component reduces the impact of cyber-attack. Call immediately for assistance!

blue-stopsign

If your organisation might be affected by ransomware:

  • Contain the attack by disconnecting infected machines from the network.
  • Contact us as early as possible. Our team will provide a free consultation and advise on options for data recovery and how to prevent further potential data loss.
  • Avoid do-it-yourself attempts to decrypt the affected data. Doing so could make future recovery attempts impossible.
+44 (0)13 7274 1999 Start Your Data Recovery

Ransomware Data Recovery Process

Early expert evaluation is critical to understand your options dealing with an attack.

Ontrack assists businesses, IT service providers, and cyber incident specialists in recovering data from ransomware-encrypted or wiped servers, virtual machines, backups, tapes, and other storage media. Utilizing a unique set of proprietary tools, Ontrack offers 24/7 global support through its expert team, which has been handling compromised data since 1985.

Every ransomware incident is unique and varies in complexity, but data recovery is often possible. The success of recovery depends on the type of ransomware executed, the affected hardware, and the initial steps taken after discovery. Our approach starts with a no cost consultation.

Consultation: 

We’ll quickly assemble a team and set up a conference call with your crisis team. This ensures swift, direct access to experts. A dedicated data recovery specialist will serve as your main point of contact, guiding you through the process and coordinating regular communication updates. Meanwhile, a lead data recovery engineer will assess the technical aspects of the incident.

Ontrack is the Only Solution Provider

For all types of data loss scenarios:

Gray-1 Decryption

Data recovery 

Using a specialized suite of proprietary tools, combined with our deep expertise, we recover your data and safeguard your business.

  • Any OS/filesystem including Copy On Write File Systems (NetApp WAFL, ZFS, etc.) SAN OS.
  • (Virtual) Volume, LUN, data store recovery.
  • Deleted file recovery.
  • Virtual Disk Repair.
  • File repair like Database Repair and Backup File Repair.
File Recovery

Backup Recovery

Cybercriminals often target and destroy backups and backup servers.

  • We recover your factory reset or deleted NAS. 
  • We recover your formatted initialized backup tapes from the tape library
  • We can restore from any Tape type (LTO, DLT, etc.) and all backup Formats (VEEAM, Commvault , TSM, Networker, Acronis etc.) even if catalogue is missing and often faster than doing it yourself.
  •  Specific tools (damaged, deleted and encrypted files)
Gray-3 Volume Recovery

Help with decryption

We do not buy keys.  

But keys can be available, or we look for ways around it with a specialized collection of proprietary tools developed to recover data encrypted by ransomware.

With a wide and deep range of unique proprietary data recovery tools and methodologies:

Layers of RAID Data Loss

Data loss can happen across various layers. Ontrack utilizes patented technology and specialized methods to navigate these different layers of data block organization. With the ability to seamlessly switch between them and backed by the extensive experience of our global data recovery team, Ontrack is uniquely equipped to handle ransomware data recovery.

Offering JIT development capabilities for custom build recovery tools for the "impossible":

D1-V2-SM-ONT-US_Laptop-Recovery_Oct-2024

Ontrack’s dedicated team of engineers has unmatched expertise in developing JIT (Just-in-Time) custom-built recovery tools for even the most complex infrastructures. Whether you manage an advanced enterprise storage system, depend on cloud data, use outdated legacy systems, or operate within a specialized niche infrastructure, Ontrack is here to assist.

Each JIT custom recovery project is tailored to the specific needs of your organization

Start Your Data Recovery Now

Some Of Our Successful Ransomware Recovery Stories

30 September 2024 07:47:11 EDT

Emergency Recovery for School District with Large Tape Backup

The customer A metropolitan US school district The challenge The school district containing 165 schools was shut down by

29 August 2024 03:41:26 EDT

Cyberattack on VMware Datastore and Virtual Backups

Challenge The customer was the victim of a cyberattack. Fortunately, the unusual activity was detected in a timely manne

29 August 2024 03:34:48 EDT

Merge files of damaged backup with corresponding virtual files

Challenge An international manufacturing company and supplier for airport transportation was hit by a cyberattack. Follo

29 August 2024 03:21:53 EDT

Rescued MS SQL database from encrypted virtual backup on QNAP

Challenge A leading high tech incubator construction company suffered from a ransomware cyberattack. The attack was quic

29 August 2024 03:12:22 EDT

Data Recovery from Malware-Infected Virtual Files

Challenge The customer suffered a cyberattack that left 100 servers partially encrypted. The ransom demanded by the hack

05 August 2024 10:00:54 EDT

Taking Advantage of Hackers’ Mistakes in a Ransomware Attack

The challenge One of the most active Ransomware-as-a-Service threat actors in the world, Black Basta which is known for

Why Ontrack Data Recovery

Gray-Hard Drive 3 Any Time

Multiple Service Offerings

Ontrack offer's flexible service offerings to meet your unique needs and budgetary considerations. Our experts are on standby 24/7/365.

Recovery Process
Gray-Complete Transparency

Complete Transparency

We want you to have control over your data recovery process. You'll know exactly what can be recovered before paying.

Customer Portal
Gray-Raid 14 unrivaled Global

Unrivaled Global Expertise

Backed by the world’s largest R&D team, we have the knowledge and ability to address your unique data recovery needs.

Data Recovery by Ontrack

What Our Customers Say About Our Data Recovery Services

4-Step Data Recovery Process

We ensure that our process is transparent, quick and safe. You’ll be informed every step of the way for complete peace of mind.

Consultation Consultation

Consultation

Free consultation with quick and direct access to specialists. Contact our experts directly for comprehensive data recovery advice and a no obligation quote. Available 24/7 for business emergencies.

Evaluation Evaluation

Evaluation

After receiving your storage device, our experienced engineers will undertake an in-depth evaluation. We aim to quickly provide you information on how much data we expect to be able to save, how long it will take and at what fixed costs. Sometimes a more extensive diagnosis is necessary, and we will communicate your options to you at every step.

Data Recovery Data Recovery

Data Recovery

With your approval, we recover your data based on your chosen service level. Through our secure portal you can track the status of your recovery.

Data Return Data Return

Data Return

Once the data has been recovered, we will send it back to you in the agreed manner and encrypted on an external storage device.

+44 (0)13 7274 1999 Start Your Data Recovery

Close Cooperation With Manufacturers.

Many of the world's leading hardware and software vendors choose to partner with Ontrack as the world leader in data recovery and data management solutions.

logo_hp-1
logo_netapp
logo_dellemc
logo_ibm
logo_vmware
logo_dell-1
raid-recovery

Have You Fallen Victim to Ransomware And Lost Your Veeam Backup Files?

Ontrack is your go-to for recovery damaged Veeam backup systems. When Veeam backup data is no longer available, things can quickly go wrong. We know how important your backups are and can help you recover and rescue your data.

  • Do you have hardware damage and can no longer access your Veeam backup data?
  • Have your VBK or VIB files been accidentally deleted or erased?
  • Is there a problem restoring your Veeam Backup files?
Read More
tape-services01

Backup system victim to human error, sabotage or cyber attacks

Having trouble restoring your data from backup? We'll help you get your data back. Ontrack's team of data recovery experts have experience and in-house developed tools to recover original files or data from backup that appears to have been lost through accidental deletion, formatting, malware, ransomware or corruption.

Read More
Information Security

Information Security

We invest significant resources to protect your most sensitive electronically stored information (ESI). 

  • ISO/IEC 27001-Certified 
  • SOC 2® Certified 
  • HIPAA Security Rule Compliance 
  • Accreditation Under the EU-US and Swiss-US Privacy Shield Frameworks 
  • Multi-Zoned, Segmented Networks 
  • Role-Based Access Controls 
  • Redundancy Across Critical Systems 
  • Annual Third-Party Penetration Tests and Monthly Vulnerability Scans 

KLDiscovery’s data centers feature multiple layers of security and safety devices—including 24x7 monitoring—to protect the integrity of critical data. 

Information Security

Top Ransomware Threats for Your Organization

ransomware-1

Some of the Top ransomware threats for your organization that Ontrack have seen in 2024.

  • Akira
  • Cactus
  • Data Flocker
  • DiskStation security*
  • Faust
  • Hunter international
  • Lockbit
  • Medusa
  • Phobos
  • Play
  • RA group
  • Sojusz
  • STOP Djvu
  • Wiper

*Quick Security, LegendaryDisk Security and DiskStation Security appear to be related to 7even Security and Umbrella Security (NAS) ransomware which leaves similar ransom notes.

This list is not exhaustive, as we see many new Ransomware types and variants released every day, week and month.

If you have been impacted by a Ransomware variant that is not listed here, please contact us.  We have a proven track record of dealing with unique requests and an experienced development team that can help with finding a solution for  your specific requirements.

If you find yourself under attack from ransomware, contact the experts at Ontrack to help you regain access to your data.

 

Gray-9 Trends 1

The number of attacks is down, but the severity, size and payments for each attack are up​.

Gray-1 Decryption

Only 50% of the victims that pay the ransom are able to decrypt all of their critical files.

Gray-11 Trends 3

Attacks are targeting file shares, critical infrastructure and backups including cloud​.

Gray-7 Recover

Cyber Insurance is paying a significant number of claims including data recovery.

How Fast Do You Need Your Data Back?

Our team of trusted experts are on standby to help. We offer flexible service offerings to meet your unique needs and budgetary considerations.

Emergency

Emergency

Average of 12-24 hours

Priority

Priority

Average of 3 business days

Standard

Standard

10 business days

+44 (0)13 7274 1999 Start Your Data Recovery

Frequently Asked Questions

Is Ransom Encrypted data lost?

Ransomware encrypted data is not always lost. Ontrack has a wealth of self-developed tools and work processes to recover data affected by cyber-attacks from corporate IT infrastructures without paying a ransom.

Can Ontrack recover from a server infected with ransomware?

Ontrack's investment in the development of specialized software allows us to recover data from ransomware-encrypted systems, virtual machines, backup files, tapes, and other storage media.Ransomware incidents vary on the type of payload, and data recovery can be complex. Ontrack provides the best possible solutions for data recovery success.

Our virtual machine is infected with ransomware. Can Ontrack help?

Ontrack has invested in the continued development of proprietary software to recover data from ransomware-infected storage systems, virtual machines, backup files, tapes, and other storage media.Ransomware incidents vary on the type of payload, and data recovery can be complex. Ontrack provides the best possible solutions for data recovery success.

How are ransomware attacks performed?

The extension hardly distinguishes itself from the other malicious programs: for example, manipulated websites, a link from a spam email or an existing message about a social network and embedding them in a system. In many cases, the perpetrators send standard looking emails that contain about delivery or collection debt. In truth, the attached file does not contain any relevant information, except the damage code. From there the attackers start their work. The Lockheed Martin Cyber Kill Chain® framework illustrates what the adversaries must complete to achieve their objective. MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

How does ransomware spread, and do you get infected by ransomware?

(Spear) Phishing mail The most common delivery system for ransomware is a phishing email that includes an attachment or a link. For individual machines when the user opens the attachment or clicks the link, the ransomware runs a program that locks the system, and displays a demand for payment. When this happens, the only way to decrypt the data is through a mathematical key only known by the attacker. There have also been cases where malware will display a message claiming that the user's 'Windows' is locked. The user is then encouraged to call a "Microsoft" phone number and enter a six-digit code to reactivate the system. The message alleges that the phone call is free, but this is not true. While on the phone calling the fake 'Microsoft', the user racks up long-distance call charges. Infected Webpages and Malvertising/Adware Infected URLs are commonly used to distribute ransomware. Clicking on one of these links, whether through an email or an unverified website, can automatically trigger a ransomware download to your hard drive, also known as a “drive-by download.” Just visiting the site without even downloading anything can lead to a ransomware attack. Remote access points (RDP) Ann increasing number of attacks are gaining access to a company that has open and exposed remote access points, such as RDP and virtual network computing (VNC). RDP credentials can be brute-forced, obtained from password leaks, or simply purchased in underground markets. Where past ransomware criminals would set up a command and control environment for the ransomware and decryption keys, most criminals now approach victims with ransom notes that include an anonymous email service address, allowing bad actors to remain better hidden. For more sophisticated attacks this is just the start of a series of events as described in the Lockheed Martin Cyber Kill Chain® framework and MITRE ATT&CK® knowledge base.

Resources from the Blog

04 July 2025 03:27:04 EDT

Erasure verification: Does my organization need it?

Most organizations have protocols in place for data sanitization at end of life, but how can they be certain that every

07 April 2025 07:07:06 EDT

Ontrack to the Rescue: Mac Data Recovery

First, There Was a Fire

07 April 2025 06:35:27 EDT

How Can I Recover Data From A Computer That Won't Boot?

There are several possible causes of start-up problems. Your computer may no longer start up. Or the PC may turn on, but

07 April 2025 06:34:45 EDT

How to Recover Files After Formatting

When accidental formatting occurs, it's best to immediately disconnect the storage device to prevent any unintended writ

07 April 2025 06:32:10 EDT

Long Term Archiving: Backup for Eternity - Part 3

Which storage media is best for long-term archiving? This week: Floppy disks and optical media!

07 April 2025 06:31:44 EDT

Long Term Archiving: Backup for Eternity - Part 2

Which storage media is best for long-term archiving? This week: HDD, SSD and Flash-based USB!

Related Data Recovery Services

Server Recovery

Get failed servers back up and running again and recover lost data.

RAID Recovery

Repair, recover, and reconstruct RAID data that has become inaccessible.

NAS Recovery

Recover data from any network-attached storage (NAS) configurations.

Database Recovery

Recover critical information from your database with 24/7 support.

Hard Drive Recovery

Retrieve lost data from any model, brand, or operating system.

Desktop Recovery

Retrieve desktop data from any operating system, make, or model.

Experiences that matter

Ontrack has extensive experience with all types of data loss scenarios. Our goal is to provide our customers with peace of mind in the event of data loss due to hardware failure, human error, natural disasters or cyberattacks.

40

Years

In the business

1

Million+

Customers and growing

120

Petabytes+

Of recovered data

73,661,023,683

Of data files recovered over the last twenty years... and more and more every day!

Start your data recovery now with a free consultation.

Contact our team of experts.

Start Your Data Recovery
Services
Products
Resources
About

KLDiscovery Ontrack Limited, Nexus, 25 Farringdon Street, London, EC4A 4AB, United Kingdom (see all locations)

© 2025 KLDiscovery Ontrack - All Rights Reserved.