Malware has been around for nearly 40 years, longer even than the World Wide Web, but ransomware is a different kind of threat, capable of crippling a company and damaging or destroying its critical data.
And the threat is growing. Estimates vary, but a recent FortiGuard Labs Global Threat Landscape Report found an almost 10-fold increase in ransomware attacks between mid-2020 and mid-2021. No sector has been spared from its ravages.
Basic cybersecurity defenses still apply: next generation firewalls (NGFW), endpoint detection and response (EDR) platforms, employee cybersecurity training, patching. As most malware comes via email and websites, don’t overlook the importance of gateways.
Zero trust is an important new tool to add to all that, essentially walling off your most important data. Machine learning-based behavioral detection is also of growing importance, recognizing attacks by detecting anomalous behavior. And a SIEM is always a good idea for centrally managing everything.
Ransomware Protection and Recovery Steps
But ransomware requires additional steps even beyond that, and the extraordinary damage and cost victims incur makes them worth the cost.
-
Data backup
The first is high-integrity, immutable, air-gapped data backups, which is the quickest and cheapest way to recover from an attack. But “recover” is a key term: make sure you have the bandwidth to restore your data quickly.
-
Ransomware removal tools
The second piece – which your EDR vendor, for example, may already offer – is a ransomware removal tool that may be able to decrypt your data and remove the ransomware quickly, and possibly even block an attack before it gets anywhere. There are also free ransomware decryption resources on the internet to help you.
Also read: How to Recover From a Ransomware Attack
-
Ransomware recovery services
The final piece you should consider is having an arrangement with a ransomware recovery service should a crippling ransomware attack occur. It may be the thing that keeps you in business.
These three ransomware protection and recovery steps by themselves, we should note, won’t protect a company from intellectual property (IP) theft or from having embarrassing secrets revealed; they’re aimed mainly at getting a company back up and running as fast as possible, which could be the difference between resuming normal operations or going out of business in some cases.
Here then is our review of the best ransomware recovery services.
Top Ransomware Recovery Services
The editors at eSecurity Planet reviewed a great many ransomware removal services. Some are ideal for enterprise-wide ransomware removal, but we’ve included some consumer-grade services that could help individuals or even companies bring relief to one or more devices. Our top managed security service providers (MSSPs) list is also a good place to look for help.
Here are the services that stood out in our analysis.
Kaspersky
Kaspersky has a number of ransomware removal tools available on its site. But just as there is a big difference between buying some DIY tools and attempting home renovations compared to bringing in veteran contractors, so is it wise to get ransomware removal help from the professionals. Accordingly, Kaspersky offers a wide range of professional services to address a range of security problems, including ransomware prevention and removal.
Kaspersky’s key ransomware and security services
- Access to a range of ransomware tools tailored to remove specific strains of malware
- Ensures Kaspersky products and ransomware removal tools are implemented correctly
- Proven expertise and technical support when required, putting less demands on hard-pressed IT admin teams
- Respond fast to new security threats
- Get recommendations on how to protect against new threats
- Assessment that audits and analyzes current security health and compliance status, advising on issues and providing recommendations
- Managing security deployment and configuration according to best practices
- Immediate access to experts for swift resolution of security issues
- Fine-tuning and hardening security
DataRecovery
If your computer is infected with ransomware, Datarecovery.com can help you restore the affected data. The company has been offering data recovery services for 20 years to businesses and individuals. If no data is recovered, there is no charge for its services.
DataRecovery’s key services
- Determine recoverability assessment – engineers assess each situation to determine the safest and most cost-effective option for restoring files
- Data decryption to determine whether a decryption key exists for your ransomware infection or if one can be created
- If decryption is feasible, the process is performed safely, returning systems to a functional state
- DataRecovery also offers hard drive data recovery, RAID recovery, tape recovery and just about any other data loss situation
- Operates cleanroom labs across the U.S. and Canada
- NASA, the Department of Homeland Security, and hundreds of Fortune 500 companies are customers
Touchstone
Touchstone Security employs security talent with experience working on cybersecurity and cloud projects for clients such as NJ Transit, Columbia University, and the Modern Language Association. The focus is on recovering deleted and encrypted files as quickly as possible.
Touchstone’s key ransomware and security services
-
Ransomware impact assessment and isolation to prevent the virus from further spreading through networks or computers
-
Determines the initial vector of infection, where your current data backups are, and the sensitivity of encrypted files
-
Ransomware removal and decryption of sensitive systems
-
Remove cybercriminal presence from the network
-
Ransomware prevention and lessons learned: Once data is recovered and systems are running, Touchstone puts in place a cybersecurity program to reduce the risk that you become a ransomware victim again
-
Training of employees to prevent phishing from both email and social media, as well endpoint protection and other cybersecurity safeguards to prevent future attacks
-
Partnerships with AWS, Cisco, Dropbox, Fortinet, KnowBe4, Microsoft, Veeam, Barracuda, and many others
Ontrack
Ontrack is one of the biggest names in recovery of lost data. It offers custom tools and development capabilities to support all types of data loss scenarios. This includes free ransomware consultations with experienced engineers.
Ontrack’s key services
- Help to contain an attack by disconnecting infected machines from the network
- Free advice and consultation on options for data recovery and how to prevent further potential data loss
- Ontrack has developed a specialized collection of proprietary tools to recover data from ransomware-encrypted systems, virtual machines, backup files, tapes, and other storage media
- With labs located around the world, help is available 24/7 from a team with vast experience in all types of data loss situations
- 130 or more decrypters are available
- Also offers virtual disk repair, database repair, backup file repair, deleted file recovery
- Data is recovered remotely or returned on encrypted media
Proven Data
The company boasts experts with over 20 years of experience dedicated to specialty areas within data recovery, cyber security, digital forensics, and ransomware recovery. It has a particular focus on medical, legal, and government agencies but works with businesses of all sizes.
Proven Data’s key services
- Has recovered data from all major hard drive manufacturers and all data loss scenarios
- Boasts a success rate of 98% in data recovery
- Digital forensics for insurance, medical, legal, and Fortune 500 companies
- Was one of the first companies to help with ransomware recovery
- 24/7 expedited emergency data recovery when needed
- Also offers server data recovery, RAID recovery, and computer crashes that cannot access the hard drive
BeforeCrypt
If your files got encrypted and backups fail, BeforeCrypt has ransomware experts ready to help with fast assistance to restore encrypted data. It promises a secure, compliant, and fast ransomware recovery.
BeforeCrypt’s key services
- Free assessment to determine ransomware variant and explore free recovery options, identify the attack vector, and evaluate risk based on historical incident insight
- Remove ransomware virus and patch vulnerabilities
- IT support for removal, remediation, and recovery
- Forensic analysis & reporting
- Fast decryption
- Ransom negotiation if necessary
- Incident report for law enforcement and insurance
- GDPR compliance check & reporting
- Best-practice security recommendations to avoid reinfection
Fast Data Recovery
Fast Data Recovery helps recover and secure the network from ransomware attacks. The company’s ransomware prevention and protection services guarantee recovery or no charge. It also guards against re-attacks by ensuring that any system rebuilds are done in a way that doesn’t leave them open to further attacks.
Fast Data Recovery’s key services
- No Data No Charge: guaranteed data recovery
- Worldwide support with 24/7 customer service & recovery
- Recoveries are undertaken remotely and completed within 24-48 hours
- A team of engineers working across Australia, US, UK & the Philippines
- Recovery from most types of ransomware such as PHOBOS, DHARMA, AVADDON, SADONIKOBI, MAKOP, STOP/DJVU, GLOBEIMPOSTER
- Free evaluation or priority evaluation for urgent recoveries
BitDefender
BitDefender offers Managed Detection and Response (MDR) services that include ransomware recovery. This service gives customers outsourced cybersecurity operations 24 hours a day. The service is delivered by combining various Bitdefender security technologies and ransomware tools.
BitDefender’s key ransomware and security services
- As well as malware detection and removal, it offers unlimited VPN traffic and priority support
- Detection to stop sophisticated cyber threats
- Multi-layer ransomware protection to keep files safe
- Unlimited, secured VPN traffic for online privacy
- Minimal impact on system performance
- Real-time data protection
- Network and advanced threat protection
Ransomware Removal
This company is a small outfit dedicated to ransomware recovery, and boasts an expert team. Once ransomware is eliminated and recovery is done, the team follows up to ensure things return to normal.
Ransomware Removal’s key services
- Initial evaluation and analysis of a sample of the encrypted files to understand the nature of the attack
- Works out the best data recovery strategy
- Determines how to prevent recurring ransomware incidents
- Once the ransomware strain is identified, a plan is laid out to successfully and fully recover files
- Once the immediate incident is resolved, cybersecurity experts make sure that any security holes are filled with a custom, military-grade security infrastructure
Intelecis
Intelecis primarily offers ransomware removal in Southern California. But it also provides managed security services to businesses across the United States and United Kingdom.
Intelecis key services
- Ransomware removal services for businesses performed by ransomware recovery experts
- Helps businesses remove ransomware and restore encrypted files
- Boasts experience and success addressing ransomware incidents
- Available around the clock to take a call or request
- Fast diagnosis on the extent of the virus and eradication within a few hours in most cases
- File restoration for small businesses to those with thousands of computers
- Free evaluation and consultation