Databack - Récupération de données
Request a quote
THE BLOG

How to recover data after ransomware?

Ransomware and cryptoviruses are taking your data hostage by encrypting your online backup media and now attacking their operating systems. Databack can help you recover your data and reboot your systems in the face of these increasingly numerous and sophisticated attacks.

Ransomware and cryptoviruses: attacks on the rise

Ransomware takes your computer data hostage by encrypting it. Also known as cryptolockers, crypto-lockers or cryptoviruses, this malicious software seeks to extort money from you in exchange for a hypothetical encryption key.

Ransomware infects storage media that are “online” and connected to the web. Despite the lessons learned from the global cyberattack carried in May 2017 by WannaCry, it has to be said that computers and connected media remain particularly susceptible to ransomware.

databack data recovery after a ransomware attack

Attacks on the operating systems of your online media

The advent of online backups has helped reduce incidents of sensitive data loss. The practice of “online backup” may even have encouraged users to abandon traditional “offline” or local backup systems: external hard disks, USB sticks, magnetic tapes…

But online backup systems are frequently affected by malicious data encryption or encoding software. And these attacks are not only growing in number, but also in complexity and sophistication.

New ransomware and cryptovirus attacks no longer target data alone, but also operating systems. They can therefore lead to time-consuming and costly service restarts, despite prior data backup. And in the absence of a backup, they can make data recovery partial or even impossible, depending on the scenario.

Databack’s experience in decryption and recovery of data following a ransomware attack has enabled us to put in place effective procedures. What’s more, in a large number of cases, we can guarantee a reboot of your systems and a rapid and complete return to business.

How do you recover your data after a ransomware attack? Databack can help…

Databack’s expertise in ransomware is based on constant monitoring and the handling of numerous practical cases. Our company has encountered and resolved the following ransomware and cryptovirus attacks: GandCrab 5.2, GlobeImposter 2.0, Dharma and Dharma.cezar Family, Phobos, Matrix, Rapid, Hermes 2.1, NM4, NotPetya, Locky…

In the event of a ransomware infection, your first reflexes as a user are paramount: as any rewriting on systems can block future restoration, it is important to freeze data by disconnecting systems from the network and shutting down all machines. In the event of an emergency, contacting a Databack technician by phone or e-mail will enable you to adopt the best attitude in the various stages of this process.

Our work involves in-depth knowledge of virtualization, backup and encryption systems. This enables us to carry out a complete study of the infrastructure of the systems affected, and to analyze encrypted backup files. Our engineers can then choose the optimum decryption process for extracting your data and virtual machines, and restart the system as quickly as possible.

Once data recovery is complete, you’ll need to understand the origin of the cryptolocker in order to deploy the tools and procedures capable of blocking future attacks. To this end, information on the type of ransomware or cryptolocker used, as well as the precise dates of the attack, is provided to you on request by Databack. We can also put you in touch with specialist service providers for a security audit of the systems to be protected.

3 January 2024
Back to blog

list of latest articles

KEEP IN TOUCH

SUBSCRIBE TO OUR NEWSLETTER

By entering your email address, you agree to receive the Databack newsletter. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the content. You can consult our privacy policy to find out more.
Databack Linkedin