Ransomware virus

What is Ransomware?

Tic Tac specializes in data recovery after a Ransomware attack. Ransomware encrypts the user's important files (on the hard drive, on the organization's network or on a cell phone). After the attack, the attacker usually leaves a message demanding payment for decrypting the files and returning the data to the user.

Popular Ransomware types

There are hundreds of Ransomware types known today; the most popular of them are the Locky virus and Cryptowall. New types of Ransomware appear every day: some are brand new and some are based on old viruses that have been changed for camouflage.

Over the past few years, we at Tic Tac have gathered information on data recovery after a Ransomware attack. We use our knowledge and experience to recover encrypted files in the best way possible.

How was your system attacked by Ransomware?

There are many methods of Ransomware attack:

The most common of them is an email attack. The user receives an email with an attachment (Word, PDF, RAR, ZIP, etc.).

These files contain code that attacks the computer when the attachment is opened.

Other methods include websites that carry code or files for download, links sent to the user's cell phone, downloaded programs, and many more.

How do you know that the files were encrypted by Ransomware?

The encrypted files usually have their names changed to an encrypted name or given one of the following extensions:

locky, ecc, ezz, exx, zzz, xyz, aaa, abc, ccc, vvv, xxx, ttt, micro, encrypted, locked, crypto, _crypt, crinf, r5a, XRNT, XTBL, crypt, pzdc, good, LOL!, OMG!, RDM, RRK, encryptedRSA, crjoker, 0x0, bleep, vault, HA3, toxcrypt, magic, SUPERCRYPT, CTBL, CTB2

The attacker usually leaves a message with further instructions in the encrypted folders, for example:

Locky_recover_instructions.txt, DECRYPT_ReadMe.TXT, HELPDECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt, RECOVERY_KEY.txt, HELP_RESTORE_FILES.txt, HELP_RECOVER_FILES.txt, HELP_TO_SAVE_FILES.txt, DecryptAllFiles.txt, DECRYPT_INSTRUCTIONS.TXT, INSTRUCCIONES_DESCIFRADO.TXT, How_To_Recover_Files.txt, YOUR_FILES.HTML, YOUR_FILES.url, encryptor_raas_readme_liesmich.txt, Help_Decrypt.txt, DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.TXT, ReadDecryptFilesHere.txt, Coin.Locker.txt, _secret_code.txt, About_Files.txt, Read.txt, ReadMe.txt, DecryptAllFiles.txt, FILESAREGONE.TXT, IAMREADYTOPAY.TXT, HELLOTHERE.TXT, READTHISNOW!!!.TXT, SECRETIDHERE.KEY, IHAVEYOURSECRET.KEY, SECRET.KEY, HELPDECYPRT_YOUR_FILES.HTML, help_decrypt_your_files.html, HELP_TO_SAVE_FILES.txt, RECOVERY_FILES.txt, RECOVERY_FILE.TXT, RECOVERY_FILE[random].txt, HowtoRESTORE_FILES.txt, HowtoRestore_FILES.txt, howto_recover_file.txt, restorefiles.txt, howrecover+[random].txt, _how_recover.txt, recoveryfile[random].txt, recoverfile[random].txt, recoveryfile[random].txt, Howto_Restore_FILES.TXT, help_recover_instructions+[random].txt
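The two lists above can be turned into a quick triage check. The following Python sketch is an added example, not Tic Tac's own tooling: it classifies file names against the extensions and a subset of the note names listed above, treats `[random]` as a variable part, and groups hits per folder. The function names and the sample paths are assumptions constructed for illustration.

```python
import os
import re
import sys
from collections import Counter

# Extensions copied from the list above; matched case-insensitively.
EXTENSIONS = {e.lower() for e in (
    "locky ecc ezz exx zzz xyz aaa abc ccc vvv xxx ttt micro encrypted locked "
    "crypto crinf r5a XRNT XTBL crypt pzdc good LOL! OMG! RDM RRK encryptedRSA "
    "crjoker 0x0 bleep vault HA3 toxcrypt magic SUPERCRYPT CTBL CTB2").split()}

# Subset of the note names above. Generic names from the list (ReadMe.txt,
# Read.txt) are left out on purpose: they also appear in ordinary software folders.
NOTE_TEMPLATES = [
    "Locky_recover_instructions.txt", "DECRYPT_ReadMe.TXT", "HELPDECRYPT.TXT",
    "HELP_YOUR_FILES.TXT", "DECRYPT_INSTRUCTIONS.TXT", "HELP_RESTORE_FILES.txt",
    "How_To_Recover_Files.txt", "RECOVERY_FILE[random].txt",
    "howrecover+[random].txt", "help_recover_instructions+[random].txt",
]

def _to_regex(template):
    # "[random]" in the list stands for a variable part of the file name.
    parts = [re.escape(p) for p in template.split("[random]")]
    return re.compile(r"\w*".join(parts), re.IGNORECASE)

NOTE_PATTERNS = [_to_regex(t) for t in NOTE_TEMPLATES]

def classify(name):
    """Return 'ransom_note', 'encrypted' or None for a bare file name."""
    if any(rx.fullmatch(name) for rx in NOTE_PATTERNS):
        return "ransom_note"
    lower = name.lower()
    ext = lower.rsplit(".", 1)[-1] if "." in lower else ""
    # "_crypt" is appended to the old extension rather than added after a dot.
    return "encrypted" if ext in EXTENSIONS or lower.endswith("_crypt") else None

def summarize(paths):
    """Count hits per folder; a note next to renamed files is the strong signal."""
    per_dir = {}
    for path in paths:
        folder, name = os.path.split(path)
        kind = classify(name)
        if kind:
            per_dir.setdefault(folder, Counter())[kind] += 1
    return per_dir

# Constructed sample paths, not taken from a real incident.
SAMPLE_PATHS = ["/srv/share/finance/report.xlsx.locky", "/srv/share/finance/budget.docx.locky",
                "/srv/share/finance/Locky_recover_instructions.txt", "/srv/share/hr/policy.pdf",
                "/srv/share/hr/help_recover_instructions+abc.txt", "/srv/share/it/notes.doc_crypt"]

if __name__ == "__main__":
    paths = ((os.path.join(d, f) for d, _, fs in os.walk(sys.argv[1]) for f in fs)
             if len(sys.argv) > 1 else SAMPLE_PATHS)
    for folder, hits in sorted(summarize(paths).items()):
        print(folder, dict(hits))
```

Short extensions such as abc, good or magic can also belong to legitimate files, so a folder that shows only "encrypted" hits and no note needs a manual look before it is treated as affected.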

Ransomware recovery at Tic Tac Labs:

Tic Tac data recovery will decrypt the files by drawing on our years of experience.

Some methods of attacking the ransomware decrypt the files completely and give the user full use of the data again.

In other cases, we will try to recover deleted files and to find previous versions of the important data.

However, in some cases the only way to decrypt the data is to pay the attacker in order to receive the decryption key. Beyond decrypting the files, we will need to build a safe working environment to protect the client's other resources and to minimize the threat of the virus returning.

We will carry out the whole process for the client, restoring the files for safe use in the shortest time possible.

I was attacked by a ransomware virus. What should I do?

Once you find out that the media was attacked by a Ransomware virus, we advise shutting down the media ASAP to minimize the attack. You will need to order a diagnostic HERE; after that, we will contact you for the media pickup. It is also possible to come to our labs and bring us the media – press HERE for directions. The first diagnostic is 100 NIS + VAT.

After the diagnostic we will give you a price quote for the recovery.

For any further details feel free to contact us at +972-3-6131555, with the form, or by email at sos@tictac.co.il.

Tic Tac Data Recovery specializes in data recovery from all types of media and operating systems, in the event of either physical or logical damage.

Our track record includes over 60,0000 data recovery cases, with a 97% success rate. The value of the data recovered by Tic Tac’s experts exceeds hundreds of millions of dollars.

Legal Terms

  1. I hereby deliver to Tic Tac Technologies Ltd. (Tic Tac) the specific media as written on page 1, in order to diagnose and evaluate whether the information can be recovered.  The cost of service is related to the time and necessary equipment needed to make the recovery successful.  After arriving at the Tic Tac laboratories the media will be evaluated and a price quote will be decided for the recovery process.  The price for evaluation will be 500 NIS if the media delivered has already been tampered with and physically opened.   The diagnostic price for RAID is 200 NIS per disk and it takes up to 24 hours. The diagnostic price for an emergency case when our labs are closed – 5000 NIS.
  2. Packaging and shipping –  The client is responsible to send the media in a proper package.
    You can ask the UPS / local courier driver for a Tictac package, which they carry in their car. If the driver doesn't carry a proper package, please pack the drive according to the following instructions:
    Step1: Remove the disk from your computer, remove any brackets and cables.  We only need the disk.  Try not to touch the green circuit board.
    Step2: When possible, put the disk in an anti-static bag to avoid possible damage from static electricity.  Don’t have an anti-static bag? Please use a plastic bag.
    Step3: Package the disk with foam and/or packaging peanuts tightly so that the drive does not shift during shipping.
    Step4: Write your case no. down on the package.  We will contact you as soon as the package arrives to our offices.
  3. If the client decides not to recover the data after the diagnostic – the client can get the media back with a courier (additional charge for delivery).
  4. Tic Tac is committed to complete privacy and confidentiality of the materials handled by the recovery team.  Unless stated otherwise by the client, all recovered data will be erased from the Tic Tac database after 7 working days. Based on section 11 of the Israeli privacy protection law, there is no obligation to supply Tictac with the client's information details for the service. The client's information details will not be delivered to a 3rd party.
  5. Tic Tac is in no way responsible for the transport of the media to and from its offices.  The responsibility for safe transport of the media shall be on the customer, even if the delivery was paid for by Tic Tac.
  6. This form serves as the initial order to begin Recovery work.  The form will be enclosed with the report and become an inseparable part of that report.  The report along with this form will constitute as evidence for undergoing all the aforementioned tasks of Data Recovery, and the mutual agreement for both sides the client and Tic Tac.
  7. A big portion of the payment shall be made before initiating the Recovery service.  In case the requested amount is not paid, Tic Tac is at liberty to refuse to continue the recovery, and that action will not constitute a breach of this agreement; furthermore, the client will not have a right to take any legal action against Tic Tac.
  8. Tic Tac is eligible to develop and recover data given to it by the client and delay delivery of such data due to lack of payments to Tic Tac by the client.  Such delay right; will be joined together with other rights of delaying customer Data.
  9. Tic Tac is entitled to request partial payment for Work already done under the specific request of the client along with interest and any other expenses.  Payment in such cases will be conducted through credit card or bank cheques or Bank transfer.  The payment will be in accordance with the price first agreed and approved upon by both sides before the recovery process begun.
  10. This form will be forwarded to the customer and then delivered back to Tic Tac signed by the customer.  The client on behalf of the Proprietor will be held responsible and identify by using his/her name, address and I.D. card number.  The client will be held responsible for the obligations stated in this contract even if he/she is not entitled to act on behalf of the Proprietor.
  11. In case no hardware is requested back by the client within a period of 60 days from the day of delivery, Tic Tac can take possession of such hardware and is entitled to sell it, use it for parts or destroy it without prior notification of the client.  In such a case Tic Tac will not be held responsible, and such neglect of hardware by the client will be considered neglect and abandonment of hardware and will not entitle the client to take legal action against Tic Tac.
  12. The client understands that the media that was delivered to Tic Tac may have already been harmed or deleted without ability of recovery.  The client verifies that Tic Tac will not be held responsible for the status of the media and/or deletion of data from the media, for any reason.  Tic Tac is not responsible for any damage caused as a result of loss of data that was in its possession for any reason.  The maximum liability amount that Tic Tac can be held accountable for will be the full data recovery diagnostic fee.
  13. All prices stated above do not include VAT (17% for Israeli citizens only).

Directions to the Tic Tac Technologies lab:

From Ayalon North: exit at the HaHalacha interchange.
Turn right toward Ramat Gan. Take the first right onto Menachem Begin Road.
Take the first right to 10 HaTa'ash Street, "Beit HaKeren" building, ground floor.

From Ayalon South: exit at the HaHalacha interchange. Take the HaHalacha bridge toward Ramat Gan.
Take the first right onto Menachem Begin Road. Take the first right to 10 HaTa'ash Street, "Beit HaKeren" building, ground floor.

Opening hours: 0800-1800, Sunday to Thursday. Service outside working hours, in emergencies, on request.

Our address: 10 HaTa'ash St., ground floor, Ramat Gan 52512. Phone: 03-6131555 Emergency mobile: 0522-877477