Data recovery from Ransomware infection can be done in 3 cases:
- There is a weakness in the code of the Ransomware, which we can exploit to extract the decryption key. Unfortunately, in recent years, this has become increasingly rare.
The circulating strains generally do not have weaknesses in their code and do not have vulnerabilities to exploit. - The attackers have been arrested and servers containing the unique keys have been seized. When this happens, Europol releases the keys (or ideally the Master Key), and with these, we create decryption software – decryptors.
Northwind Data Recovery, as a member of the NoMoreRansom project of Europol in the field of fight against cybercrime, actively participates in creating decryptors and – of course – our customers are immediately informed with the good news. - In many cases, even if the key is not known and there is no vulnerability that we can exploit, there is hope. We have developed techniques through which we can recover data under certain conditions.
Of course, this solution is not complete and has several weaknesses, but it has often proven lifesaving.
To be able to help in these cases, the following conditions must be met:
a. The original infected drive must be intact (NOT a copy of the data).
b. The drive must NOT be an SSD (*we are in the process of perfecting a new methodology, which will allow recovery even from an SSD. However, this methodology is currently under construction).
c. They should not be particularly important files, such as SQL databases, as in these cases, the chances of success are significantly reduced. In contrast, “classic” file types (such as images and documents, .jpg, .pdf, .doc/.docx, .xls/.xlsx, etc.) have good chances of being recovered.
d. Recovery without structure (i.e., “bulk” files in a folder without file names and folders) must make sense to the end user.
All 4 of the above conditions must be met. In this case, contact us!