It is possible to recover data after a Lockbit 2.0 Ransomware attack. We did and this is how it happened.
We received a contact from a company that said it had suffered an attack and was unable to continue its activities. When they arrived at their offices, right after the weekend, they realized that a good part of their data was inaccessible.
This was the situation: More than 10 virtual machines, all hosted on Windows Server that no longer boot due to malware in the environment, which prevented the company from functioning.
The hacker group Lockbit, having invaded the environment set a ransom demand of more than 20,000 euros. Ransom that the company refused to pay.
After this, the search for a company capable of recovering their data was initiated, with many fears about the possibility of recovery without the payment of ransom, they found Digital Recovery. We soon positioned ourselves as the solution to the problem.
Because of the fear with the solutions offered and the possibility of decryption, only one infected VHDX was forwarded, which we fully understood, after all, that is what we hear around.
We then performed an advanced diagnostic that resulted in a promising scenario that made recovery possible. With the company’s authorization and the diagnosis done, we then started the data recovery.
Seeing that we were able to deliver what we promised with one VHDX, the customer was quick to send the others. We set a deadline for checkpoints during a project, which allowed the customer to be increasingly relieved.
The company needed one of its VHDXs to be restored as a virtual disk and then booted into a VM. A demand that was successfully met.
Thanks to the skills of our experts, with the help of Tracer, our proprietary technology, 100 % of the encrypted data was recovered. Within a few days we were able to prevent a fatal loss of time and money for the company and its customers.
Ransomware attack can’t be prevented, but data loss can.