+30 210 0220210

Learn more about Tic Tac with our new 3′ corporate video.

We can help you – immediately.

FILE RECOVERY FROM RANSOMWARE

TicTac’s Cyber ​​Security team has completed over 2000 Ransomware incidents both in Greece and abroad.

Ransomware Decryption – We restore your files to a working state, reduce your business recovery time, trace the exact history of the attack, and prevent future attacks.

Talk with an expert
Talk with an expert
+30 210 6897383
Ransomware Insident Response

Report a Ransomware Incident!

If you have been a victim of a Cyberattack or Ransomware, then click the button next to it to fill out the form with the information you will be asked to review your case.

Fill out the form

We will recover your files from ransomware attacks and reduce your business’s costs and recovery time.

Customers whose data has been recovered from Ransomware

Mike Smith
Mike Smith
Professor

Tic Tac Data Recovery provided a very good and professional service. The damaged hard drive was given to two specialists data recovery companies in the UK who could not recover any data. (Note: these two UK companies carry out both forensic and security work)

Well done Tic Tac for a good job!

Rev3
John Lekkas

Great experience on a really hard case, 100% recovery success from raid0 SSDs. Friendly and professional.Highly recommended

Rev2
David Bravo Trujillo

Very professional team. Thanks for the help provided. 10000% recommended. Personalized attention, they even speak Spanish!!! Everything is very easy with them. Thanks to Katerina for always keeping me updated.

Aegean White
Alpha Bank White
Dei White
Eurobank White
Ote White
Revoil White
Alpha White
Dell White
Media Markt White
Plaisio White
Shell White
Siemens White
Toshiba White
Wind

Learn about Ransomware

You are on this page for one of the following reasons:

  • My system has been locked by Ransomware.
  • A virus encrypted my files.
  • Ransomware has locked my files.
  • Will I get my files back if I pay the ransom to the hacker?
  • I need someone to help me with the ransomware attack I received.
  • How do I decrypt my locked files?

How can we help with Ransomware?

When no other options are available and losing the records is critical, paying the ransom might be a decision management has to consider.

At Tictac we first start by looking at the options you have.

The technical team and management then hold a consultation session to explain the best plan for getting the business up and running as soon as possible.

Your collaboration with Tictac and the Cyber ​​Security department reduces business interruption time by approximately 80% and future-proofs your infrastructure against future attacks.

Best Ransomware Protection from TicTac

Tic Tac’s Ransomware Incident Response team actively opposes paying ransoms, which should be avoided at all costs. That is why we first explore all remaining alternatives to recovering the client’s files.

Diapragmateysi Ransomware Hacker Negotiation Ransom Payment Pliromi Litron 1
Ransomware negotiation, cost reduction and ransom payment

Ransomware Incident Response – Protection Guide & Procedure

The steps we follow are as follows:

  1. Ransomware detection and identification, then research for free solutions (Free).
    • First, our team investigates what is the Ransomware Strain we are dealing with.
    • We are looking for possible free solutions from publicly available Decryptors.
  2. Contact the Hacker to see his demands and what Bitcoin ransom he is asking for (Free).
    • Secure communication and attempt to negotiate based on a specific communication protocol to reduce the amount.
    • Specify the amount in Bitcoin / USD, the commitment of the Hacker, and proof of concept procedures.
    • Search TicTac’s database to identify the Hacker’s credibility.
  3. Consulting services before proceeding with any move.
    • Consulting services include actions that the typist should take before we proceed to avoid a bad outcome due to negligence.
    • Consulting services on how Bitcoin/Cryptocurrency payment works.
  4. Search for possible locations of critical files.
    • Search the client’s computers to see if we can reverse engineer the virus or if it has open connections that show the encryption key.
    • Search in the middle of the client to see if we can use Shadow Copies or perform a logical recovery.
  5. Online Investigation: Fast Digital Forensics to study how the attack took place.
    • We perform Fast Digital Forensics in approximately 3 days, a process that allows us to answer important questions.
    • When did the Hacker enter our infrastructure? How long was he inside? From which machine did the attack start, and what corporate files were leaked?
  6. Ransom payment guidance services (if there is no other option for the customer and they decide to pay).
    • 100% Success in Paying Ransoms to Hackers, No Mistakes in Cryptocurrency Technology.
    • We recommend and guide you on how to find the necessary Bitcoins and help you buy the necessary amount immediately without waiting.
    • We take care of your Wallet creation and consulting in the field of cryptocurrencies so that no mistakes are made.
    • We provide you proof that your cryptocurrency transaction has been received by the Hacker.
  7. Recover your files from Ransomware.
    • A professional IT engineer will remotely (by phone and via Teamviewer) guide your engineer.
    • At the end of the incident, we provide you with a detailed report for any insurance company or the authorities.
    • Support after the event.
    • Suggestions for Optimizing Your Protection and Disaster Recovery Plan.
  8. Legal Advice and guidance
    • Specialized legal advisors inform you of the necessary steps during or after the event.
    • We manage the statements to the Data Protection Authority, Letters to involved bodies, and complaints to the Electronic Crime.
  9. Bitcoin Tracking & Blockchain Research
    • Since the amount that went to the Hacker is large, we can follow his tracks on the Blockchain.
    • With appropriate investigation actions (which are justified when the amount is greater than €50,000) we can identify where the Hacker will disburse the money.
    • When disbursing it, we freeze the amount, as 80% of Hackers disburse to an exchange.
  10. Securing the infrastructure from Cyber ​​Security issues
    • After the incident and while our team is inside the customer’s infrastructure, we ensure that we work in a sterile environment.
    • Special cleaning and monitoring tools are installed on each computer to prevent another attack.
    • TicTac’s Security Operation Center team monitors the customer’s infrastructure 24/7.

If the only solution is to pay the ransom and we have considered all the alternatives while it has been decided to cooperate with the Hacker and pay the ransom he asks for, then we proceed to negotiation with the Hacker.

Ransomware Negotiation Service / Ransomware Negotiation Service

Our company maintains a specialized database and monitors many Hacking Groups daily with specialized Dark Web Monitoring tools, resulting in behavioral analyses.

With the above data available, we can calculate our chances of receiving our files decrypted if the ransom demanded by the hacker group is paid.

To the customers with whom we negotiate with the Hacker team, we ask them not to contact us at all so that we can begin the conversation with the Hacker from the very first moment.

We have identified specific communication patterns that improve the transaction and bring successful results without extra blackmail at the end.

Our communication lasts the entire process until the Ransomware ransom payment.

Support during the Ransomware Decryption process

If everything goes well in the negotiation with the Hacker who encrypted the files through Ransomware, the company assigns specialized engineers to work to support the customer in the decryption.

The parallel process of support with specialized engineers is equally important as Digital Forensics work can be done simultaneously.

Taking specialized Backups during trading is especially critical.

At this point, very important advice is given regarding the precautions that the customer’s IT department should take before running the Decryptor.

The computerization department is also guided on the actions to be taken during and after its execution, as there have been several complications in the past.

Recommendation for protection measures after the event of a Ransomware Incident Response

As soon as the process ends successfully or even if we do not manage to get a good result, the client’s consultation begins.

A partner of our company will recommend 3 specific pillars for protection.

  1. Hybrid Cloud Backup & Disaster Recovery
  2. Penetration Test
  3. Cyber ​​Security Insurance

Transaction Costs and Ransomware Incident Response Service

The Ransomware Incident Response & Negotiation service is only provided to companies and not to individuals and is a process that usually takes 2 to 15 days.

Throughout, there is customer support in all matters such as:

  • Technical Advice
  • Cybercrime Negotiation Techniques
  • Crisis Management Consulting
  • The physical presence of specialized staff if deemed necessary
  • Cooperation with the internal or external IT department (Computerization) of the client
  • Compilation of Reports for Insurance Companies
  • Support in Drafting a Report for the Personal Data Protection Authority
  • Counseling for the next day

The costs of involving the TicTac Data Recovery team start from €1500, and a detailed offer is given depending on the working hours, the involvement of partners, and the type of Ransomware.

Related Reports

Should I pay the Ransomware ransom?

Paying Ransomware ransoms is not recommended for any reason, but when all alternatives are considered and the files are critical to the operation of a business, then it may be the only solution.

It is important that before you decide to pay the Ransomware ransom we look at the following alternatives:

  • Checking the last backup you have
  • Assessment of damage if the ransom is not paid
  • Estimate the manual work required to restore your infrastructure
  • Attempt to recover deleted data
  • Examining damaged hard drives that may have useful data
  • Scan media or NAS that have been formatted
  • Attempting to retrieve data in SQL databases
  • Attempt to recover data on Virtual Machines (VMDK, VHD files)
  • Credibility check of the Ransomware group that attacked you so we know their credibility as sometimes hackers never deliver files and disappear, decryptors don’t work, or ask for more money after the first payment.

If you have any Ransomware infection, then you can leave all the above procedures to TicTac’s expert team.

Attention! Although we have many success stories of clients, small businesses, and multinational organizations in our history, it cannot be taken for granted that we will always have a good result, although our involvement usually has good results and our clients receive the majority of the files decrypted.

If you have a Ransomware incident, contact our team immediately without taking any action to give you the first advice.

You will need to fill out this form in detail to get a full picture of the incident and your infrastructure: Incident Ransomware Report.

Banner Banner_DAM Banner_DAM