Server Data Recovery - Top Tips for 2023
Posted on 18th February 2023 at 11:49
Not only is the decision about whom to engage for data recovery of the utmost importance, but the first steps you take after server data loss can also influence your system recovery.
In this blog post you will learn about the different types of server data recovery that exist, how much data recovery from a server is likely to cost, how to avoid unnecessary data loss after a server failure, and how to choose the right data recovery company for you.
This article was updated in 2023, and contains up to date best practices and advice about the server data recovery market today.
What types of server data recovery exist?
Data recovery from RAID 0, RAID 1, RAID 5 and RAID 10 servers
Data recovery from virtual servers, hypervisors and data in virtual environments
Data recovery after a ransomware attack
What factors influence server data recovery pricing?
How much does data recovery from a server cost?
What steps should I take after data loss?
What should I look for when choosing a server data recovery company?
So whether you are looking to recover an SQL server, a RAID server, a virtual server, an Exchange server, a Windows server, a NAS / SAN / DAS or anything else, this guide should help.
Data recovery from RAID 0, RAID 1, RAID 5 and RAID 10 servers
Whilst RAID generally introduces system redundancy to help reduce downtime after a single drive failure, data loss from RAID arrays is still a surprisingly common event.
Whether the data loss has occurred due to a software malfunction, more than one drive failing at the same time, or even as a result of a fire or flood, data recovery from a RAID array is often possible.
Generally the service will be broken down into three parts: the physical repair of any damaged storage devices; the reassembly of the matrix; the fixing of errors on the logical file system.
Each of these stages is highly complex, and requires in-depth expertise, and frequently the use of custom-developed tools. It is certainly not for the amateur, and you will need to find a company that has a track record in RAID data recovery, preferably with an R&D team that can custom-develop a solution as required.
Data recovery from virtual servers, hypervisors and data in virtual environments
Virtual server data recovery is usually a complicated process due to the complex nature of how hardware, software and access are merged to create an efficient and resilient data environment.
Data loss from virtual servers can be the result of any one of a number of issues, including deleted files, snapshots or VMs, corrupted or re-formatted Datastores of VMFS, ReFS, NTFS and other host volumes, or physically damaged disks.
Depending on the nature of the virtual server data loss, the recovery could be performed in a specialist lab (usually necessary when there is any physical media damage to overcome), remotely via a secure internet connection (useful when the servers are cloud-based or not on premises), or in certain circumstances on the customer site (when data is highly sensitive for example).
Data recovery is usually possible from the following virtual environments and situations, and more:
|
System type |
Citrix Xen |
Hyper-V |
|
|---|---|---|---|
|
|
VMware vSAN |
VMware ESX |
KVM |
|
Data loss type: |
Failed disks |
Deleted VMs |
Reformats |
|
|
Corrupt Datastores |
Corrupt files |
RAID failure |
Data recovery after a ransomware attack
One of the biggest threats to data security and a company’s ability to use and get value from their data assets is the emerging scourge of ransomware and other cyber threats.
Over the last few years, the volume and impact of malicious endeavours in cyberspace have grown significantly, despite the industry’s efforts to bolster defences significantly.
Many observers have noted the shift to remote working of the last 2 years has exacerbated this trend, with a large majority of breaches a result of employees letting their guard down, with email being a frequent delivery method.
From a data recovery perspective, and especially when servers are affected by ransomware, the impact can be huge and the recovery solution very complicated indeed.
If we assume that funding cybercriminals by paying a ransom, and in doing so encouraging further or repeat attacks, is to be avoided at (almost) all costs, what are the alternatives?
Professional data recovery companies routinely recommend isolating systems and seeking professional help immediately, even before engaging with the cybercriminal as signals sent regarding the potential value of the data can be problematic.
The data recovery process for ransomware-affected servers is usually bespoke, and a combination of commercially available tools, custom-developed software, and a deep dive into the infrastructure and backup protocols of the affected company.
Whilst the success rate for data recovery after ransomware is lower than recovery rates for systems afflicted by other issues, it is nevertheless a worthwhile first step, and you should know in a few days the likelihood of a successful outcome.
Common ransomware variants seen by data recovery companies in 2023 include:
|
Maze |
REvil |
SNAKE |
Tycoon |
|
PonyFinal |
Mailto |
Ragnar |
Zeppelin |
|
TrickBot |
Qakbot |
Thanos |
WannaCry |
|
TFlower |
ProLock |
MegaCortex |
Ryuk |
What factors influence server data recovery pricing?
There are several stages to data server recovery, some of which you should expect to pay for, some of which you should get for free.
The cost for server data recovery is rarely fixed, as the variables are much wider than with single drive data recovery, so your quote will likely be from a fairly broad range.
Other key factors which influence the price of data recovery are the nature and severity of the problem, the speed with which you’d like to have the data back, and whether or not the recovery needs to be performed under special conditions such as on site, chaperoned and performed ‘off grid’, or handled by a specialist team such as R&D.
So let’s start with the actual cause and effect of the data loss. If your RAID server, SQL server, virtual server or any other is suffering from any physical or electromechanical failure, then these issues will likely need to be overcome first.
This will usually involve the equipment being shipped to a data recovery lab with a Class 100 (or better) clean room, in order that any hardware issues can be investigated and (often only temporarily) fixed, and an image (sector by sector copy) of the data extracted.
Physical problems could involve hard drive failure, RAID controller malfunction, circuitry damage, and any one of a number of other challenges which require expert attention to overcome, often with the need for (sometimes rare) donor parts or replacement componentry.
Only then can the file system’s logical problems be addressed, and this requires a whole different skillset and set of tools and techniques, especially if the data image is less than 100%.
Specialist data recovery engineers will often use a mixture of commercially available tools, custom-developed data recovery software, and good old-fashioned logic and brainpower to piece the data maps back together and turn those bits and bytes back into usable files.
As a general rule, the greater the physical and logical damage, the harder and more time-consuming it is to effect a data recovery from a server, and pricing will vary greatly accordingly based on this.
Secondly, the level of urgency is a key cost factor, and this will vary from case to case according to the customer’s needs and budget. Where time is not of the essence, and the recovery work can be done during normal office hours, the recovery will be charged at a lower rate.
If, on the other hand, the data loss is more time-critical in nature, and the data is important to the day to day running of a business, then an emergency or expedited service level might be preferred. This is charged at a premium as the case will likely jump the queue and be worked on through the night or with a bigger team.
These premiums can range from 50% to 100% and more, depending on the specifics of the case and the additional costs incurred, but sometimes the value of the data more than warrants it.
Lastly, will the recovery be performed in a regular lab by the regular data recovery team, or will it need to be handled by a specialist team?
Examples of specialist recovery conditions include:
On-site recoveries. Perhaps the data is extremely sensitive in nature, and cannot leave the client site? This incurs additional costs as data recovery specialists will need to spend time travelling to the customer and setting up a temporary (and often limited) recovery infrastructure As a result the recovery itself can be made more difficult and take longer due to the fact that not every tool and resource will be available.
Chaperoned. If the data is extremely sensitive, but the recovery work (usually physical) is too extreme to even contemplate outside of the recovery provider's clean room, then the option sometimes exists to create a dedicated space (often isolated from any network or 3rd party storage device) inside the data recovery company’s premise for this customer alone.
Again, it can take longer, and often other customers' cases will need to be paused and concealed to accommodate this set up, especially if the customer needs to observe all stages first hand – security and privacy protocols contained in the Ts & Cs of most data recovery companies demand it. Additionally, data recovery server engineers with certain governmental security clearances might be required in these cases.
Research and development. Many of these larger, newer servers have much more complicated and less well understood filesystems, so it is also quite a regular occurrence for the R&D team to be involved. For the very newest systems, it might be that a recovery tool has never been developed, and this will need to be undertaken on the fly.
This is an extremely specialist area, and there are very few companies in the world that can accommodate this.
Frequently, custom recovery tools will need to be developed with the assistance of the original equipment or software manufacturer, so only data recovery outfits with these types of relationships will succeed.
What steps should I take after data loss?
I think we can all now agree that server data recovery is often difficult and usually expensive, but how much do your actions in between the initial data loss and the data recovery effort itself affect the process?
In some cases, it can be quite a lot. There are several best practices to observe to improve your chances of data recovery, and hopefully limit the cost:
Avoid do it yourself attempts at data recovery, these can often make the situation worse
This includes reconfiguring drives, running 3rd party tools, or attempting to restore from backup
Stop attempting to write data to the storage devices, and prevent further user access
Potentially recoverable data could be needlessly overwritten and lost forever
In case of a cyber-attack, disconnect infected machines from the network
Do not try to decrypt, and avoid engaging with the attacker if possible
Do not attempt to clean or dry physically damaged drives, and power down immediately
Leave them in their current state and seek professional help quickly
Do your research and only entrust your precious data to a reputable company
There are many in the industry that lack credentials and will hinder your recovery or worse
What should I look for when choosing a server data recovery company?
One quick Google search and it is easy to be overwhelmed by options. Every data recovery company appears to be the same:
Same zero cost evaluation and low headline recovery fee
Same 'no fix, no fee' guarantee
Same claims about technical success rates
Same Trustpilot score and glowing reviews
So let's break it down again:
Zero cost evaluation
Yes, this is pretty much the industry standard, and despite the fact that it can be a loss-leader for those companies that put material effort into the evaluation before asking you for a financial commitment, in most cases this is what you should expect.
For additional R&D effort to get a meaningful diagnosis, or to offer a data recovery guarantee (perhaps with a file listing) for the more complicated recoveries, you should expect to be asked for a non-refundable contribution.
This is only fair, and common for server data recoveries. It enables the data recovery company to go far enough down the recovery road to get you an evaluation result that is meaningful, and enables you to make a fully-informed decision about whether or not it is worth your while proceeding.
No fix, no fee
For simpler, single drive recoveries and commodity data recovery efforts, you should not be paying the data recovery company recovery fees if they are unable to get back your data. In fact, we need to be more specific - if they don't get back the data that you want or need. If the recovery is poor, and all that can be returned are a few fragments of files, then you should NOT consider that to be a successful recovery, and you should reject it with no further recovery charge outside of what you committed up front / to get to this point.
Further, many data recovery companies offer you the chance to reject what could be considered a good data recovery outcome (maybe 60% of data or more) if, after perhaps reviewing a file listing, you decide the recoverable data is simply not, or no longer, worth the investment. Maybe the specific database you are looking for isn't there, or the evaluation took so long that the moment has now passed and you do not wish to proceed further?
Either way, if the company states 'no fix, no fee', and you have not committed to any charges beyond the evaluation stage up front, then you should be entitled to reject the recovery proposal if the data you need is not there or no longer valuable.
Beware the unscrupulous companies that state up front that there will be no charge if you decline the recovery quote, then essentially hold your data to ransom if you refuse to go ahead. This is unfortunately more common than you would think, so make sure you do your research before sending your equipment in. Google is your friend here.
Technical success rates
Another minefield I'm afraid, as what constitutes a success recovery is wide open to interpretation. As above, is a fraction of a file, or a tiny bit of metadata, useful to anyone? Not really. But was some data recovered? I guess so.
More useful would be to consider what percentage of time a data recovery company gets back all of the data, or possibly more important still, what is the success rate for recovering the data that the customer needs? After all, it is not recommended restoring operating systems and the like from recovered data drives, rather perform a fresh reinstall, so you don't always need 100% of the data recovered.
So ask the questions. Anyone that says they recover all of the data 97% of the time is being dishonest. Realistically the industry standard rate is more likely 70% at best. Perhaps 80% if you're talking about the subset of data that the customer needs, or sees sufficient value in.
Remember, data recovery is not an exact science, and certainly not always possible.
Trustpilot and reviews
Unfortunately this is another one that is easy to fake, and caution is advised when reading too much into the headline statistics.
It is well documented that fake reviews are commonplace, bad reviews can be edited or taken down, and some companies only send review requests to happy customers so that the overall results are skewed.
And this isn't just a Trustpilot issue, there are many review platforms - some more legitimate than others - but almost all are susceptible to some form of manipulation or other.
If you can get a data recovery recommendation from a trusted friend or source, not a random individual on a review site that can be manipulated, then that is a much safer option. So reach out to your social networks and see who can help. Failing that, make sure you do your research beyond a review site score, and when you call a company to discuss services, make sure you ask the difficult questions - a reputable outfit will gladly answer them.
Ultimately there will always be a small degree of risk with these complicated recovery endeavours, so once you have taken all of the above into consideration, add the final measure - your gut feel. Did the person you spoke to sound knowledgeable, trustworthy, fair? Did you speak to an actual data recovery engineer or only a sales rep?
Remember, all reputable data recovery companies provide initial advice for free, so make a quick phone call to better understand your options before jumping in at the deep end - even if you use one of the companies that we have vetted and recommend - it could be the difference between recovering your valuable data and not, and you might only get one chance at recovery.
Server data recovery additional FAQs
How long does server data recovery take?
Usually an evaluation will take 24-48 hours, and the recovery about the same. If there is a huge amount of data that needs copying out, then this can run into a couple of weeks. One other key timing factor is R&D work - this is usually days, if not several weeks when required.
Can data recovery from a server be performed remotely?
Certain companies have the technology to do this, but not all. It generally involves opening up a secure internet connection between the data recovery company and the customer, passing down tools to be stored and used locally, then pulling the tools back after recovery and rebooting. It is usually quicker than sending devices to a lab, but only beneficial when there are no electromechanical failures.
Can SQL databases be recovered?
In many cases, SQL and other databases can be recovered, provided the damage to data structures is not excessive and there is a high percentage of the raw data available. Due to the fact that databases often rely on large files, when these files are fragmented over lots of different storage areas it is common for pieces to be missing in partial data recoveries, and not always repairable when incomplete.
Can I recover my server data on my own?
Theoretically, and provided the damage to your system is logical rather than physical, then it is possible to recover from some typesof server data loss with DIY software, although this is a risky strategy, and it is always worth contacting a professional data recovery company for guidance first.
Do You Need Server Data Recovery?
Share this post: