How Does It Work?

We’ve developed a streamlined ransomware recovery process to help you get back to work as soon as possible.


  • STEP 1: Free Assessment

Submit the encrypted files and the ransom note for review. We then prepare a risk analysis, determine the exact type of ransomware, and examine the possible recovery options. Every ransomware infection is unique and we have to understand your situation to know what the best course of action is. This process usually takes 24 hours at most, and in case of a serious emergency can be faster. Click here to submit a new case.


  • STEP 2: Quote

We have two modes of service:

  1. Our “No Data, No Charge” guarantee. A fixed-price quote for ransomware removal and data recovery. If we cannot recover the data, you pay nothing.
  2. Full Incident Response. We take care of everything necessary to get you through the attack and get back to work with improved security. Based on a daily flat fee.


  • STEP 3: Acceptance of the Quote

After acceptance of the offer, we will send you an invoice including VAT, which you can pay by PayPal, direct debit, wire transfer or credit card. We also offer secure payment processing via an escrow service. When we receive the payment, we start the ransomware recovery process immediately.

We also sign a data processing agreement (DPA) in line with GDPR compliance. During and after the ransomware recovery process we maintain strict confidentiality with your data. We are a registered German company and we operate with full compliance to  German and EU laws, which are internationally known for their high data protection standards. Read more


  • STEP 4: Preparing for Recovery

First, you need to install our remote maintenance software on the affected computer system. We remove the ransomware, determine any vulnerabilities that might have caused the issue, and then backup all encrypted files. We then install a next-generation antivirus solution with ransomware protection. This installation protects your data from further damage and helps prevent future ransomware attacks.


  • STEP 5: Data Recovery

Now that the computer system is cleansed of the ransomware trojan and a re-infection is prevented, we start with the ransomware data recovery. If negotiation with the attackers is necessary, we determine which ransomware gang is behind the attack. We examine past data on the attacks to understand their behavior patterns and adjust the negotiation strategy accordingly.

During this process, we follow all relevant national and international laws to ensure full compliance. We also collect all data necessary for law enforcement and insurance purposes.


  • STEP 6: Prevention & Reporting

A dedicated ransomware recovery expert will be assigned to assist you at all time throughout the recovery process. After the data recovery is complete, the team member assigned to your case will provide detailed guidance on how to improve your IT security and prevent future attacks.

Cyber-insurance policies usually cover the costs of using a professional ransomware recovery service. We compile all of the data gathered during the ransomware response into a detailed attack report delivered within five days after the completion of the data recovery. This report will contain complete documentation of all details required by your insurance company.

Ransomware Recovery Data

Advantages of Using Our Ransomware Recovery Service

  1. Significantly Reduced Downtime. The interruption of your organization’s normal activities can be very expensive. We know that every hour, and sometimes every minute, can make a difference. Our streamlined recovery process is designed to get your operations back online as fast as possible.
  2. Success Guarantee. We have a No Data – No Charge guarantee available as one of our service models.
  3. Easy Insurance Reporting. You receive a detailed report containing all necessary data and a sample letter so you can easily file a claim with your cyber-insurance. Cyber-insurance policies usually cover the costs of using a professional ransomware recovery service.
  4. Professional Security. In every case we use high standard industry best practices to secure your data and remove all ransomware from your system before beginning with decryption. Our standardized and highly secure procedures protect your data and prevent any further spread of ransomware on your network.

Frequently Asked Questions

After a free assessment, we will provide you with a quote. The exact cost depends on the type of attack, the extent of the attack, the number of encrypted computers, and your local environment (e.g., performance of computers, servers, operating systems).

  1. We can reduce your downtime from ransomware significantly. We deal with over a hundred cases every year. We know what to do to keep the downtime for your company to an absolute minimum. You can benefit from our expert knowledge and don’t need to do time-intensive researches by yourself. Most of our cases are completely resolved within 24-72 hours after we begin the recovery process.

  2. Don’t deal with criminals directly. Most companies don’t feel comfortable dealing with cyber-criminals. It can add a layer of stress and risk in this emergency. We handle all communication with the criminals for you according to all applicable laws and regulations to restore your data as fast as possible.

  3. Instant Ransomware Payment. We don’t recommend that you pay the ransom. But sometimes there’s no other way if backups and normal recovery methods fail. If you try to buy Bitcoins yourself, an intensive know-your-customer process is usually required, which takes 2-6 days for large amounts. To save you this trouble, we always have Bitcoins in stock and can make payments instantly.

  4. We don’t damage your data. We always use industry best practices to back-up your encrypted data, remove the Ransomware trojan and then restore your data with normal recovery methods or decrypt the data with the official software. This standardized process ensures that your data won’t get damaged and that the ransomware no longer spreads on your network.

  5. Easy Insurance Reporting: You receive a detailed report and a sample letter to easily submit all necessary information to your cyber-insurance. Cyber-insurance usually covers a huge part of the costs involved with ransomware incidents.
  1. Backup, Backup, Backup! Use a separate backup destination like a secure cloud storage provider or a local backup medium which is physically disconnected after a successful backup run.
  2. Install a Next-Gen Antivirus. Next generation anti-virus software combines a classic signature-based antivirus with powerful exploit protection, ransomware protection and endpoint detection and response (EDR).
  3. Install a Next-Gen Firewall. A Next-Gen-Firewall is also called Unified threat management (UTM) firewall. It adds a layer of security at every entry and exit point of your company data communication. It combines classic network security with intrusion detection, intrusion prevention, gateway antivirus, email filtering and many other features.

Yes, we provide services around the globe. Our customer service is available 24/7 to assist you with ransomware recovery in over 20 languages.

In emergencies, we can start with the ransomware data recovery immediately. Since our support team operates 24/7, we can reduce your downtime to a minimum by working non-stop to recover your data.

Load More