The ransomware data recovery expert
Our number one goal is to support you in your efforts to get your business back to normal after a ransomware attack. While no two ransomware cases are the same, Ontrack has success in recovering from all types of ransomware cases.
There are three main types of ransomware. These are:
- Scareware. The simplest form of ransomware. Scareware consists of fake applications or programmes that disguise themselves as anti-virus or clean-up software.
- Lock-screen viruses. The second-most dangerous ransomware-type. When infected, the virus locks the user’s computer and displays a full-size window with a message stating that the user must pay a ransom to unlock the computer.
- The new encryption ransomware. The most dangerous ransomware-type. After gaining access to the victim’s computer, the attacker infiltrates the computer’s data and file structure to encrypt every file and folder on the computer.
What should you do if you’re hit by ransomware?
If ransomware gets through your defensive line, you should do the following:
- Never pay the ransom! Paying the criminals doesn’t guarantee that you will get your data back. In many cases (and most definitely, if it is a ‘ranscam’ or wiper malware) you will not get your data back, leaving you with no data and a lot less money!
- Do not try to decrypt the data by yourself. Some computer specialists may have the capabilities to recover lost data, but it is risky – if something goes wrong, you could destroy your data forever.
- Check your backup! Even if your backup is missing after a ransomware attack, you should never rule out the possibility of recovery. Possible solutions depend on the type of media or storage system, and the type of ransomware.
Webinar: Prevention and recovery from ransomware
Our latest webinar, in partnership with NetApp, highlights valuable information regarding what preventative measures organisations should put in place in order to protect themselves from ransomware.
Case study - How NetApp technology helped Ontrack solve a ransomware infection
A laptop that was connected to a corporate network was the target of a Cryptolocker ransomware attack. The malware infected a CIFS volume that was set up as a file share on a NetApp FAS, encrypting the majority of the files. Because the IT team was not notified until after the backup retention period had expired, all backup files were affected.
The total impact of the ransomware resulted in inaccessible data on:
- 46 drives
- One aggregate
- One volume infected on a RAID-DP
For the recovery to go ahead, the Ontrack engineers had to take the aggregate offline, and the customer was advised to bring the 46 drives to the Ontrack lab for evaluation.
The Ontrack engineering team:
- Virtually rebuilt the RAID groups across ten different shelves
- Virtually rebuilt the aggregate
- Virtually rebuilt the critical volume
This recovery was additionally challenging because the aggregate had still been in use for two weeks after the attack occurred, which resulted in some data being overwritten. Leveraging NetApp’s proprietary OS (ONTAP) and file system (WAFL), Ontrack’s engineers used multiple consistency points to “walk back” in time to find and merge unencrypted copies of the critical data to return to the customer. This type of recovery is only possible on storage like NetApp’s FAS because of the way the data is stored in the volume.