How a data recovery company can restore your files after cyber-attack without paying a ransom
Posted on 12th April 2022 at 13:30
With ransomware attacks part of our daily lives now, and businesses of all sizes being targeted, it is important to understand what options exist to recover your data successfully after a cyber event without yielding to the ransom demands of the criminals.
Why not pay the ransom?
Apart from the fact that you would be funding criminal activity, might actually be committing an offence yourself by paying the ransom, and you are opening yourself up to repeat attacks, alarmingly very few ransom payments actually result in a full restoration of your data.
Many files (especially those larger in size) are returned corrupted, frequently only a portion of your data is returned, and sometimes a ransom payment doesn’t result in the return of any of your data at all. It would be foolish to place too much trust in these bad actors, they are generally untraceable and not exactly famous for their scruples…
How can a data recovery company help?
Thankfully, there are several routes an experienced data recovery company can pursue to try and restore or decrypt your files without the need to engage with the attacker, and oftentimes these can result in a more complete restoration anyway.
Additionally, it is usually significantly cheaper to employ a data recovery company, which is also music to your insurance company’s ears.
1) Decryption tools. Data recovery companies generally have access to, and just as importantly, working knowledge of, hundreds of different decryption tools, and will know which ones to use for each ransomware variant. Additionally, dealing with cases like these every day, they will ensure that the approach is non-destructive as missteps can be very damaging to your data.
2) Restoration from backup. Able to review and recover all sources of data, a data recovery company will help you understand what backups (or parts of backups) remain available to you in an uninfected state, and will help you piece together the best and most recent version of your data possible. Sometimes data gaps can be rebuilt, other times reconstitution is necessary, but understanding what you can restore before you consider a ransom payment is important, and might also provide leverage in negotiation.
3) Data recovery software. There are several tools on the market that can provide data recovery after ransomware attack in certain cases, but as always it is very important to know how to use these tools properly, and moreover non-destructively, which can be very difficult for the uninitiated. The best data recovery companies have this experience, and often their own in-house recovery tools to lean on too, so in most cases are a better bet than you trying to navigate a recovery yourself.
4) Roll back files or systems. In addition to full or partial restorations from backup, it is often also possible to roll back important files or even entire systems to a previous, and hopefully uninfected state. Sometimes there is functionality within the native software to perform this, other times a recovery company will reverse-engineer a solution or have a custom tool available for this, but frequently it is a sensitive procedure that will form only one part of the plan for recovery.
5) Bespoke recovery tools. Performing up to 50,000 recoveries per year, the biggest and most technically advanced data recovery companies will have developed a wide range of data recovery tools in house. Additionally, they will have excellent working knowledge of the tools that are commercially available for this purpose, and will be well placed to know when and how to deploy them. The very best will have in-house R&D teams to create a bespoke tool as and when required, although this can be a time consuming and expensive endeavour.
6) Repair and rebuild tools. Oftentimes, after using one of the above methods for data recovery, or even when hoping your data is decrypted after paying a ransom, there will still be corruption or holes in your files or databases. Established data recovery companies will generally be able to improve the quality of the recovery by using file repair and database rebuild tools, frequently turning a partial recovery into a full and useful one.
Can a data recovery company help after the event too?
In addition to helping you access or restore your files after attack without the need to pay a penny to the bad actor, some data recovery companies will be able to offer additional support to help you build resilience and avoid a future repeat.
Cyber breach coaches will manage the stakeholder communications and reduce reputational impact, forensic investigators will establish how the breach happened in the first place and advise on measures to restrict or prevent this from happening again, and penetration testing experts will check the resilience of your systems going forward.
In summary, there is a lot a data recovery company can do for you should you fall victim to a cyber-attack, and there are many reasons why you should engage one as a first step.
Paying a ransom should be seen as a very last port of call, and rarely presents itself as a safe or technically sound solution, not to mention unethical.
Share this post: