Ransomware

Holmes Digital Investigation has successfully helped many businesses and private individuals recover from Ransomware attacks. A successful business can go from millions in profits to bankruptcy, and even possibly owing restitutions or settlements, in a matter of hours.

Holmes Digital Investigation does not help clients pay ransoms for Ransomware. We do not believe in contributing funds to criminals, and we know that it often does not work and/or leads to more problems. Therefore, it is our philosophy that all Ransomware victims should quickly take pictures of any messages on screens, then shutdown and/or remove power to all infected devices immediately, and contact Holmes Digital Investigation.

One mistake that we have seen many people make is that they assume the computer, phone, etc. that they first see evidence of Ransomware on is the only device infected. They might shut that device down, but not others, and then end up losing data on multiple devices. Sometimes people think they are okay because they have a backup, only to find out that the backup is encrypted also. It is possible for an infected device to encrypt data on a clean device. Unless you know that a particular device has no connection (wired, wireless, cloud, uses common accounts, etc.), to an infected device, shut it down.

Our Ransomware services employ some or all of the following steps:

• Halt the infection and encryption of data

• Recovery of data by extracting data from unencrypted sources (pagefiles, unallocated space, backups, etc.)

• Recovery of data by decryption of affected data

• Making recovered data useful to victim

• Removal of infection

• Enhancing security to prevent future infections

• Providing user friendly, resilient backup strategies to mitigate future issues

Our success rate is very high.