Can we recovery ransomware files?

klabacita

Extraordinary Member
Hello.

We had last week a ransomware attack, our server where infected, we already have our services running.
The server is here with us, we didn't recover all files.
The question is, exist a company that could safely recover files from infected systems with ransomware?
Thanks all for your support.
 

Neemobeer

Principal Cybersecurity Architect
Staff member
Yes, but realistically probably not.

You can if one of the following has occurred
  • With the ransomware identified (someone such as a security researcher has discovered a flaw and created a decrpytor)
  • You implement SSL decrption at the perimeter, capture network traffic and were able to capture the key for the ransomware)
The other option is potentially brute force decryption which is in most cases is unrealistic and could take many years to brute force

Restore from backup is your best option and implement better end point protection to prevent ransomware in the first place.
 
Top