Data Recovery by Solution

Data Recovery from Ransomware Attack

According to Cybersecurity Ventures predictions, a new business was victim to ransomware every 11 seconds back in 2021 and will continue to rise the next years and reach every two seconds by 2031. When time is of the essence and next steps are uncertain, organizations should consult with the experienced professionals at Ontrack to determine their best course of action.

Ontrack delivers world-class data recovery for all types of storage including: hard drives, solid-state drives (SSD), servers, NAS, SAN, virtual machines, cloud, mobile devices and tape.

blue-stopsign

If your organization might be affected by ransomware:

  • Contain the attack by disconnecting infected machines from the network.
  • Contact us as early as possible. Our team will provide a free consultation and advise on options for data recovery and how to prevent further potential data loss.
  • Avoid do-it-yourself attempts to decrypt the affected data. Doing so could make future recovery attempts impossible.

What to Do When You’re Under a Ransomware Attack

If you find yourself infected by ransomware, you need first to find out what kind of ransomware it is before moving forward.

If you can’t get past a ransomware note on your screen, you probably have been infected by screen-locking ransomware. If you can browse through your apps but can’t open your files, movies etc., you have been hit with encrypting ransomware – the worst scenario of the two. If you can navigate your system and read all your files, then you have probably hit with a fake version of ransomware that is just trying to scare you into paying. To better understand what to do when you’re hit with both screen-locking and encrypting ransomware, we recommend the blog What is ransomware, and how do you prevent it? Even with the best precautions and policies in place, you may still suffer from an attack. In the event your data is held hostage by Ransomware, we recommend the following:

1

Remain calm. Rash decisions could cause further data loss

For example, if you discover an infection and suddenly cut power to a server, versus powering it down properly, you could lose data in addition to the infected data.

2

Never pay the ransom because attackers may not unlock your data

There are many cases of victims paying the ransom demanded and not receiving their data back in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to data by reverse-engineering the malware.

3

Check your most-recent set of backups

If they are in-tact and up-to-date, the data recovery becomes easier to restore them to a different system.

4

Contact an expert to explore recovery options

An expert data recovery specialist will examine your scenario to see if they have a solution already in place; if not, they should be able to develop one in time.

Why Ontrack Data Recovery

Wallet

Flexible Payment Options

We understand data recovery is often an unexpected need, which is why we offer extended payment plan options through Affirm.

Gray-Hard Drive 3 Any Time

Multiple Service Offerings

Ontrack offer's flexible service offerings to meet your unique needs and budgetary considerations. Our experts are on standby 24/7/365.

Gray-Complete Transparency

Complete Transparency

We want you to have control over your data recovery process. You'll know exactly what can be recovered before paying.

Gray-Raid 14 unrivaled Global

Unrivaled Global Expertise

Backed by the world’s largest R&D team, we have the knowledge and ability to address your unique data recovery needs.

Ransomware Data Recovery Services

Ontrack has developed a specialized collection of proprietary tools to recover data from ransomware-encrypted systems, virtual machines, backup files, tapes and other storage media. With labs located around the world, help is available 24/7 from our knowledgeable team with vast experience in all types of data loss situations.

Gray-1 Decryption

Decryption

  • 130+ Decrypters
  • Specialized collection of proprietary tools developed to recover data encrypted by ransomware
File Recovery

File Recovery

  • Virtual Disk Repair
  • Database Repair
  • Backup File Repair
Gray-3 Volume Recovery

Volume Recovery

  • All type supported (SAN, NAS, Server)
  • Deleted File Recovery
  • Copy On Write File Systems (NetApp WAFL, ZFS, etc.)
Gray-4 Backup Recovery

Backup Recovery

  • Full Tape Support (LTO, DLT, etc.)
  • Veeam Specific Tools (deleted and encrypted files)
  • VAll Backup Formats (Commvault, TSM, Networker, etc.)

What Our Customers Say About Our Data Recovery Services

TrustScore /5

Displaying 4-5 Reviews

reviews

4-Step Data Recovery Process

We ensure that our process is transparent, quick and safe. You’ll be informed every step of the way for complete peace of mind.

1 chatIcon

Consultation

Contact us 24/7 worldwide to obtain a free data recovery consultation and written price quote.

2 Magnifying

Free Evaluation

The entire evaluation process is transparent with no hidden costs. Once we receive your device, our engineers recommend the best solution, send a fixed price quote and an overview of service levels and delivery schedules.

3 chatIcon

Data Recovery

With your approval, we recover your data based on your chosen service level. Through our secure portal you can track the status of your recovery and view a list of recoverable files.

4 Box

Data Return

Once your data has been recovered, we’ll send it back to you on an encrypted external device via next day delivery free of charge.

Gray-9 Trends 1

The number of attacks is down, but the severity, size and payments for each attack are up​.

Gray-1 Decryption

Only 50% of the victims that pay the ransom are able to decrypt all of their critical files.

Gray-11 Trends 3

Attacks are targeting file shares, critical infrastructure and backups including cloud​.

Gray-7 Recover

Cyber Insurance is paying a significant number of claims including data recovery.

Top Ransomware Threats to Your Organisation

Top Ransomware Threats to Your Organisation in 2021

  • Maze
  • REvil
  • SNAKE (EKANS)
  • Tycoon
  • TrickBot
  • Qakbot trojan
  • PonyFinal
  • Mailto (aka Netwalker Ransomware)
  • Ragnar Locker
  • Zeppelin
  • TFlower
  • MegaCortex
  • ProLock
  • DoppelPaymer
  • Thanos

If you find yourself under attack from ransomware, contact the experts at Ontrack to help you gain access to your data.

Ransomware Webinar

This webinar, co-hosted with NetApp, details how to mitigate the risk of a ransomware attack, why and when to involve a data recovery company, and how Ontrack can help.

This 45-minute webinar covers:

  • The history and evolution of ransomware
  • The scale of the current ransomware threat - including the results of a recent Ontrack investigation
  • Success stories of data recovery following a ransomware attack
  • Find out how NetApp can help prevent ransomware attacks
  • How to recover data from point of infection from a snapshot
  • Scenarios that lead to successful recovery
  • Levels of effort and difficulty depending on the ransomware

How Fast Do You Need Your Data Back?

Our team of trusted experts are on standby to help. We offer flexible service offerings to meet your unique needs and budgetary considerations.

Standard

Standard

Average of 7-14 business days

Priority

Priority

Average of 2-5 business days

Emergency

Emergency

24/7 Until Completion

Frequently Asked Questions

How are ransomware attacks performed?

The extension hardly distinguishes itself from the other malicious programs: for example, manipulated websites, a link from a spam email or an existing message about a social network and embedding them in a system. In many cases, the perpetrators send standard looking emails that contain about delivery or collection debt. In truth, the attached file does not contain any relevant information, except the damage code. From there the attackers start their work. The Lockheed Martin Cyber Kill Chain® framework illustrates what the adversaries must complete to achieve their objective. MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

How does ransomware spread, and do you get infected by ransomware?

(Spear) Phishing mail The most common delivery system for ransomware is a phishing email that includes an attachment or a link. For individual machines when the user opens the attachment or clicks the link, the ransomware runs a program that locks the system, and displays a demand for payment. When this happens, the only way to decrypt the data is through a mathematical key only known by the attacker. There have also been cases where malware will display a message claiming that the user's 'Windows' is locked. The user is then encouraged to call a "Microsoft" phone number and enter a six-digit code to reactivate the system. The message alleges that the phone call is free, but this is not true. While on the phone calling the fake 'Microsoft', the user racks up long-distance call charges. For more sophisticated attacks this is just the start of a series of events as described in the Lockheed Martin Cyber Kill Chain® framework and MITRE ATT&CK® knowledge base. Infected Webpages and Malvertising/Adware Infected URLs are commonly used to distribute ransomware. Clicking on one of these links, whether through an email or an unverified website, can automatically trigger a ransomware download to your hard drive, also known as a “drive-by download.” Just visiting the site without even downloading anything can lead to a ransomware attack. Remote access points (RDP) Ann increasing number of attacks are gaining access to a company that has open and exposed remote access points, such as RDP and virtual network computing (VNC). RDP credentials can be brute-forced, obtained from password leaks, or simply purchased in underground markets. Where past ransomware criminals would set up a command and control environment for the ransomware and decryption keys, most criminals now approach victims with ransom notes that include an anonymous email service address, allowing bad actors to remain better hidden.

How does ransomware work?

Ransomware is malware that blocks the operating system or entire server or encrypts existing data. The perpetrators are squeezing their victims by making clear that the data has only been released and made available after a ransom payment. Other ransomware variants focus on wiping or Data-Stealing exfiltration.

How much does ransomware cost an organization?

There is a big difference between an opportunistic ransomware- attack and a targeted attack. An opportunistic attack attempts to infect a significant number of victims and usually a few hundred or a few thousand is demanded. The amount is deliberately low so that paying ransom is the fastest and cheapest option to get back to normal with your IT systems. In the case of a targeted, carefully prepared attack by malicious parties, the ransom can run as high as millions. (NCSC)

Our virtual machine is infected with ransomware. Can Ontrack help?

Ontrack has invested in the continued development of proprietary software to recover data from ransomware-infected storage systems, virtual machines, backup files, tapes, and other storage media.Ransomware incidents vary on the type of payload, and data recovery can be complex. Ontrack provides the best possible solutions for data recovery success.

Experience That Matters

Ontrack has extensive experience with all types of data loss scenarios. Our goal is to provide our customers with peace of mind in the event of data loss due to hardware failure, human error, natural disasters or cyberattacks.

39

Years

In the business

1

Million+

Customers and growing

120

Petabytes+

Of recovered data

73,661,023,683

Of data files recovered over the last twenty years... and more and more every day!

Start your data recovery now with a free consultation.

Contact our team of experts.

KLDiscovery Ontrack, LLC, 9023 Columbine Road Eden Prairie, MN 55347, United States (see all locations)