so to finish my story after paying bitcoin to the perps.. that did not work... then a deposit to an american specialist who after looking at the encryption wanted a lot of money... then went on a gut call to a European specialist that required two payments as the first try only half was retrieved and finally this weekend after 6 weeks of turmoil we now have all the data. The whole issue here was that the backups were useless and we had no choice but to try all options and yes it did work for us a few thousand later. You are right we should not pay them... what would you do... sink the company.... thats all and well but we have to be realistic here....the company cannot operate so eventually people loose there jobs... and backups now... through the roof... What would you do?
Hello, @madden2008,
first of all, I am really happy that you had the luck of getting your files restored - would you mind sharing how did the spicialist recover them? Because the thing that comes to mind is that they charged you the same sum or more than the sum asked by the ransomware, they paid the cybercriminals and got the decryption key and then they gave it to you. That has happened in the past, so I cannot exclude it, yet I am curious to what the specialist told you. (
By looking back at the comments, I see that you had the same suspicion yourself, and I didn't see that last line, so I didn't answer.)
Second of all, I will just repeat what I said above with a little more detail:
you should not pay the ransomware creators
By paying cybercriminals, you support them financially, you motivate them further to create ransomware, you might be seen as an accomplice as you do knowingly help criminals. Plus, there is no guarantee that you won't get your files encrypted again in the future by the same criminals.
Companies, which promise to decrypt your files are usually a scam
There are many companies that try to scam people, as harsh it may sound - it is true. I never said that ALL such companies/specialits are such. Again, I am glad you had a lucky strike in your case.
I see business paying, because they need their files to keep the business running, but that should not be an excuse or at least, not the first thing you do.
Like I said before, I know what is at stake, and that such files keep a business afloat. But paying shouldn't be the very first thing to do. I am speaking in general, that people should first inform themselves on the matter, evaluate their options, try everything that they can for free as a restoration method, and then maybe as a last option pay an engineer or a recovery specialist (who is not known for ONLY recovering files from a ransomware hit, but recovery in general, from disk drives etc).
As you said yourself, you paid the criminals, after which the company you paid a lot of money to, didn't manage to recover what you needed, and just prolonged the process and milked you for more cash. At the end a specialist recovered the data.
Now, probably this was the first time you encountered a hit from a ransomware cryptovirus and didn't know what to do, but doing a better research and informing yourself better should have been a priority. Yet again, I don't know exactly what you did and not everybody can provide you with a good insight and know-how about what your options are. Still, I hope you recover that money with your business and treat the situation as a learning curve and getting your company stronger.
Best Regards,
Execute
