What is Ransomware?
Tic Tac specializes in data recovery after an attack of Ransomware. The Ransomware encrypts the user’s important files (on the hard drive, on the organizations network or on the cellular). After the attack the attacker usually leaves a massage demanding payment for the decryption of the files and the return of the data to the user.
Popular Ransomware types
There are hundreds of Ransomware types known today, the most popular of them are the Locky Virus and the Cryptowall. Everyday new types of Ransomware appear, some are brand new and some are based on old viruses that have been changed for camouflage.
Over the past few years, we at Tic Tac have gathered information on data recovery during a Ransomware attack. We use our knowledge and experience In order to recover files that have been encrypted, in the best way possible.
How your system been attacked by Ransomware?
There are many methods of a Ransomware attack:
The most common of them is an Email attack. The user will receive an Email with an attachment (word, pdf, rar , zip, etc.)
In those files there is a code that will attack the computer with the opening of the attachment.
Other methods are, internet websites with codes or files for downloads, through links to the user’s cell phone, through the download of programs and many more.
How do you know that the files are encrypted through Ransomware?
The encrypted files usually change their name to an encrypted name or to the next extensions:
locky, ecc, ezz, exx, zzz, xyz, aaa, abc, ccc, vvv, xxx, ttt, micro, encrypted, locked, crypto, _crypt, crinf, r5a, XRNT, XTBL, crypt, pzdc, good, LOL!, OMG!, RDM, RRK, encryptedRSA, crjoker, 0x0, bleep, vault, HA3, toxcrypt, magic, SUPERCRYPT, CTBL, CTB2
Usually the attacker leave a massage in the encrypted folders with further instructions for an example:
Locky_recover_instructions.txt, DECRYPT_ReadMe.TXT, HELPDECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt, RECOVERY_KEY.txt HELP_RESTORE_FILES.txt, HELP_RECOVER_FILES.txt, HELP_TO_SAVE_FILES.txt, DecryptAllFiles.txt DECRYPT_INSTRUCTIONS.TXT, INSTRUCCIONES_DESCIFRADO.TXT, How_To_Recover_Files.txt YOUR_FILES.HTML, YOUR_FILES.url, encryptor_raas_readme_liesmich.txt, Help_Decrypt.txt DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.TXT, ReadDecryptFilesHere.txt, Coin.Locker.txt _secret_code.txt, About_Files.txt, Read.txt, ReadMe.txt, DecryptAllFiles.txt FILESAREGONE.TXT, IAMREADYTOPAY.TXT, HELLOTHERE.TXT, READTHISNOW!!!.TXT, SECRETIDHERE.KEY IHAVEYOURSECRET.KEY, SECRET.KEY, HELPDECYPRT_YOUR_FILES.HTML, help_decrypt_your_files.html HELP_TO_SAVE_FILES.txt, RECOVERY_FILES.txt, RECOVERY_FILE.TXT, RECOVERY_FILE[random].txt HowtoRESTORE_FILES.txt, HowtoRestore_FILES.txt, howto_recover_file.txt, restorefiles.txt, howrecover+[random].txt, _how_recover.txt, recoveryfile[random].txt, recoverfile[random].txt recoveryfile[random].txt, Howto_Restore_FILES.TXT, help_recover_instructions+[random].txt
The Ransomware recovery at Tic Tac Labs:
Tic Tac data recovery will decrypt the files by using our years of experiences.
Some methods of attack against the ransomware, will decrypt the files completely and will resume full use of the data by the user.
In other cases, we will try and recover deleted filed and try to find previous versions of the important data.
However, in some cases the only way to decrypt the data is by paying the attacker in order to receive the decryption key. Beyond decrypting the files we will need to build a safe working environment to protect the clients other resources and to minimize the threat of a returning virus.
We will perform all the process for the client to restore the files for safe use in the shortest time possible.
I was attacked by a ransomware virus what should I do?
Once you found out that the media was attacked by a Ransomware virus, we advise to shut down the media ASAP to minimize the attack. You will need to order a diagnostic HERE after that we will contact you for the media pickup. It is also possible to come to our labs and bring us the media – press HERE for directions. The first diagnostic is 100 NIS + vat.
After the diagnostic we will give you a price quote for the recovery.
For any further details feel free to contact us +972-3-6131555 or with the form or by email to sos@tictac.co.il .Tic Tac Data Recovery specializes in data recovery from all types of media and operating systems, in the event of either physical or logical damage.
Our track record includes over 60,0000 data recovery cases, with a 97% success rate. The value of the data recovered by Tic Tac’s experts exceeds hundreds of millions of dollars.
