Please read the following Terms and Conditions in detail before using our services. This Agreement defines the foundation for all services provided between the parties.

These Terms and Conditions constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”, “client”) and BeforeCrypt GmbH (“we,” “us”, “service provider”, “contractor” or “our”), concerning your access to and use of the website as well as any other ransomware data recovery service.


The client authorizes BeforeCrypt, its employees, subcontractors and contractors, to access your computer systems, storage media, network, and conduct an evaluation or your IT-Systems to determine the damage, consider recoverability and provide an estimate. By submitting the “Ransomware Data Recovery Quote”, the client allows BeforeCrypt to take all necessary efforts and measures to restore the data affected by ransomware.

CANCELATION: If the client independently decides to cancel the data recovery and the work of BeforeCrypt has already started, the full payment of the original order is due immediately.


(1) Prices apply in accordance with the individual offer plus the legally applicable VAT.
(2) Payment of the purchase price must be made exclusively to the bank details shown on the invoice, by PayPal or credit card payment. The application of a discount is only permitted with a special written agreement.
(3) Unless otherwise agreed, the purchase price is payable immediately after invoicing. Interest on arrears will be charged at 8% above the respective base rate p.a. calculated. We reserve the right to assert higher damage caused by default in the event of non-payment, as well as the commissioning of collection services and further legal action.

BeforeCrypt charges a success fee for the successful ransom negotiation, depending on the type of offer, which is referred to in the offers as a “success fee” (or similar). For the calculation of the success fee, the ransom amount originally demanded by the ransomware attacker in the respective crypto currency is set towards us at the time of the discovery. After completion of the ransomware incident support, and after completion of any ransom negotiations, the difference between the original ransom demanded (in crypto currency) and the ransom negotiations carried out by us is set as the basis for calculating the success fee. Depending on the offer, we charge a percentage success fee in EURO on this difference, which we will invoice you separately after the ransomware incident has ended. Unless otherwise mentioned, this is to be understood as payable immediately.

Liability Disclaimer

The client takes sole responsibility for the results that arises from the use of ransomware data recovery services and for the data derived from such service.

The service provider assumes no liability for damage caused by errors or omissions in the information, instructions or software provided to the service provider by the client in connection with the data recovery services, or for all actions that the service provider performs on the instructions of the client; and

All warranties, terms and conditions that arise from the Law or common law are, to the extent permitted by law, are precluded by this agreement.

BeforeCrypt is not liable to the client or in connection with the contract for loss of profit, profit, loss of business, loss of revenue, loss or reputation or goodwill, loss of opportunities, loss of data or impairment of business operations or indirect or consequential damage of any kind.

In particular and without prejudice to the provisions of the exemption from liability, the
Service providers are not liable for losses or damage to the systems, data, Information, devices (including the client’s operating environment) or the client’s intellectual property rights that arise in any way.

Subject to the other provisions of this clause, the service provider has a maximum total liability towards the client, which results from or in connection with the contract, with regard to each event and all events before this event (summarized) limited to an amount equal to the Fees that the client paid to the service provider for this order before such an event.

Function of software / databases / operating systems: Depending on the type of ransomware, even active databases or Windows system files are encrypted during operation, and are frequently included in encryption.

Regardless of the actual encryption of the files, this can damage the databases. Despite successful decryption of the data, BeforeCrypt cannot guarantee that it is functional and excludes liability for any software functionality.

The restoration of the software functionality of the operating system, industry software, databases or other software is not part of our offer and must be explicitly ordered from us as an additional service.


BeforeCrypt conducts a remote maintenance session with the client to assess the incident. It is the duty of the client unto BeforeCrypt to point out all encrypted end devices and data storage paths that contain encrypted data or are infected with malware.

In the course of this initial assessment or during ongoing work, it may be found that there are further ransomware IDs, malware attacks or other encrypted data storage paths.

You understand and accept that a separate offer must be requested for the additional work (cleanup, decryption) and that these are not covered by our original offer.

Ransomware Prevention & Network Security Audit

We always recommend ordering our “Ransomware Prevention & Network Security Audit” service. BeforeCrypt does professional vulnerability analysis, malware cleaning and ransomware protection for the duration of the work.

If the client does this work on its own, BeforeCrypt cannot ensure that the IT systems have been professionally cleaned of malware, that open security gaps have been fixed, and that all back doors for attackers have been closed.

Since this may still allow the extortionists to access your IT systems, the data may be re-encrypted or the system may be damaged by the attackers immediately after BeforeCrypt has decrypted the data.

You agree that the service provided by BeforeCrypt is still considered to be 100% performed and that the agreed payments must be made by you in any case.

You are aware of the risks and exempt BeforeCrypt from all associated liability claims.

Communication with extortionist

If necessary, BeforeCrypt communicates with the extortionists who have infected your IT systems. We request decrypted file examples from the extortionists, which are then made available to you for inspection. All files that you provide to us must be, by nature, classified as NON-CONFIDENTIAL.

You agree that we send such files to third parties for this purpose and that the above-mentioned provisions “Waiver And Release” and “Liability Disclaimer” apply to us.

In addition, you agree that may contact the extortionists on your behalf to assess the ransomware incident and, under certain circumstances, assume your identity. They understand that this is part of the professional ransom negotiation.

Reporting crimes to authorities

BeforeCrypt always recommends reporting all Internet crimes to the authorities. It is entirely up to the client to ultimately report the crime. BeforeCrypt will never share information with law enforcement agencies on its own initiative, unless required by law, a written request from the authorities, or the client’s written consent.

A list of the responsible authorities can be found here:


Supplemental terms and conditions or documents that may be posted on the Site from time to time are hereby expressly incorporated herein by reference. We reserve the right, in our sole discretion, to make changes or modifications to these Terms and Conditions at any time and for any reason.

We will alert you about any changes by updating the “Last updated” date of these Terms and Conditions, and you waive any right to receive specific notice of each such change.

It is your responsibility to periodically review these Terms and Conditions to stay informed of updates.

You will be subject to, and will be deemed to have been made aware of and to have accepted, the changes in any revised Terms and Conditions by your continued use of the Site after the date such revised Terms and Conditions are posted.

LAST UPDATE: 18.02.2020


These Terms and Conditions and your use of the Site are governed by and construed in accordance with the laws of the State of Bavaria, Germany applicable to agreements made and to be entirely performed within the State/Commonwealth of Bavaria, Germany, without regard to its conflict of law principles.