Skip to content

Table of Contents

What is a Ransomware Recovery Evaluation? Reasons Process Costs

What is a Ransomware Recovery Evaluation? (Reasons, Process, Costs)

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on print

A ransomware recovery evaluation is the process of professionally assessing a computer and network following a ransomware attack. From this evaluation, the options to decrypt your files are presented in a complete quoted package.

It’s fair to say no one wants to be in the shoes of a ransomware victim. If you are responsible for the IT or data security at your company, not being in control of your network can make you feel anxious. You might even feel guilty as if something you missed could have caused this ransomware attack.

First and foremost, you’re not the only one who has experienced this pain. We’ve seen ransomware attacks disrupt companies, and we fully understand the difficult circumstances that come with the attack. As a ransomware recovery service trusted by thousands of clients, we recognize these ransomware victims’ challenges and stand along with you every step of the way.

Ransomware recovery evaluation

After researching your options for ransomware recovery, maybe you’ve decided it’s time for a cyber security professional to evaluate your situation and help you back up and running again. 

This article will help provide direct insight into how the ransomware evaluation process works and what you should expect from a ransomware recovery evaluation. 

By the end of this blog, you will: 

  • Understand the benefits of a ransomware evaluation  
  • Learn how the ransomware evaluation process works
  • Discover the cost of ransomware recovery evaluation

Why do I need a ransomware recovery evaluation?

When recovering your data from a ransomware attack, a ransomware evaluation is the first step towards recovering the locked files. 

Most ransomware recovery can be executed via a remote connection to your network. A remote evaluation can help your company respond quicker to ransomware and cut costs by avoiding in-person labor charges.

Why do I need a ransomware recovery evaluation?

Sometimes, ransomware victims ask if they can just send the encrypted files to see if they can be decrypted. If you only send the encrypted files, it doesn’t allow the ransomware recovery specialist to thoroughly analyze the ransomware attack. Think about a traditional crime scene: detectives need to see the entire breadth of evidence to draw more accurate conclusions and plan their next steps in the investigation.

Below, you’ll find an outline of how a ransomware evaluation can benefit your recovery efforts.

1) Identify ransomware variant

After the ransomware recovery evaluation, you will know exactly what ransomware variant (program) you’ve been infected with. There are hundreds, if not thousands, of different ransomware variants out in the wild with new ones emerging almost daily. Ransomware recovery specialists use internal, proprietary intelligence and public databases (such as ID Ransomware) to help identify the variant. 

Knowing more about the ransomware variant can help give context to the malware and if it’s decryptable at this moment in time. Some ransomware groups are also infamous for threatening to leak your data online, and knowing which variants are linked to these groups is essential to the recovery process.

2) Discover the attack vector used to deploy ransomware

During a ransomware evaluation, a ransomware recovery service will help analyze how the ransomware attack initially happened

If you need additional information on the attack, it’s critical to detail every move the attacker made while on your network. Preserving ransomware evidence for a ransomware forensics investigation can dive deeper into the attack and also help your business learn if data was exfiltrated (stolen) from your network.

3) Determine if the malware encryption is breakable

During the ransomware recovery evaluation, a malware analyst examines the executable (malware program) that was used to encrypt your files. This can be done as an option to recover without restoring from backups, or paying the ransomware.

What is involved in the ransomware evaluation process?

Below you’ll find a step-by-step outline of what to expect from the ransomware evaluation process. On average, you can expect the evaluation to take 1.5 hours of your time. Depending on the network layout and number of encrypted servers, it could take more or less time.

1. Establish connection via remote access

Most ransomware recovery services can assess the ransomware on your network via a remote connection

The ransomware recovery service will provide step-by-step instructions on how to safely connect your ransomware-infected device for evaluation.

2. Ransomware recovery specialist collects data points and evidence

During the ransomware recovery evaluation, the ransomware recovery specialist combs through your computer and network to examine essential data points. 

Data Points Collected After the Ransomware Attack
Data Points Collected After the Ransomware Attack

Example of data points collected during the ransomware recovery evaluation: 

  • Date and time of the attack
  • Ransomware variant
  • Number of endpoints affected
  • Number of servers affected
  • File extensions
  • Operating system information
  • Type of data encrypted
  • Data backups (if available)
  • Previous recovery attempts
  • Network drives affected

These data points will give the ransomware recovery specialist an understanding of how your case can be resolved. 

A ransomware evaluation’s findings also provide you with the information required to report the ransomware crime to authorities. This initial information can also be leveraged in ransomware forensics which can help disclose if any data was stolen or exfiltrated off the network.

Ransomware recovery remote evaluation process
Ransomware recovery remote evaluation process

3. Detailed report and ransomware recovery options presented

Following the initial remote assessment, a ransomware recovery specialist will inspect these data points and assemble a preliminary report. The specialist considers all possible options for recovering the ransomware-encrypted files

The evaluation report will provide you with information on the likelihood of successful recovery using these methods. In the event the only option for data recovery is paying the ransomware, a reputable ransomware recovery company will explicitly make that clear during this stage. 

After the options for ransomware recovery are presented, it will be sent to you for review so you can decide how to proceed. If you approve the recovery proposal, you will then be sent an official quote.

4. Estimated cost of ransomware recovery presented

The conclusion of a ransomware recovery evaluation will result in an official quote that outlines the service fees and statement of work. This quote includes a detailed list of how the ransomware recovery specialists will recover your locked files.

Understanding the costs of ransomware recovery will give you more insight into the factors that determine the final price of ransomware removal.

How much does a ransomware evaluation cost?

Now that you understand the benefits of a ransomware evaluation, how much does a ransomware evaluation cost? The price you pay to have your ransomware incident evaluated will vary, depending on the turnaround time and the company you choose to conduct the evaluation. 

The cost of a ransomware evaluation can range from $0 to as high as $5,000. 

This cost can be influenced by: 

  • Existing number of cases for the ransomware recovery service 
  • Number of systems
  • Fixed costs for their assessment 

At Proven Data, standard evaluations are free and emergency evaluations conducted outside business hours are $400. 

Depending on how quickly you need your data back, this might be a deal-breaker between choosing your professional ransomware recovery service. 

When it comes to the ransomware recovery evaluation, make sure you know exactly what services you’re receiving during the evaluation stage. Ransomware recovery services should be transparent and forthcoming about any fees or expenses related to the ransomware evaluation and exactly what it will cost you. 

Remember, this is primarily an assessment of the ransomware malware and the damage to your data and network. A ransomware evaluation does not include the decrypting of locked files or removal of ransomware.

What are the next steps to decrypt my files?

If you need your business files back and networks recovered after a ransomware attack, performing a ransomware recovery evaluation will give you the information you need to decide how to move forward. Now that you understand how a ransomware evaluation works, you can make the decision that is best for your company. 

Need help decrypting your files?

If you’re thinking of having your locked files decrypted by a professional, the first step is to open a case and schedule a ransomware recovery evaluation.

Was this content helpful?

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
Share on print
Print
Popular Insights