Your files were encrypted by ransomware? We can save you!

By paying anything to criminals you support development of new, yet more aggressive versions of ransomware. But now you have a choice: we can recover most of your data, cheaper than criminals and in legal way.

What to do, once you're infected:

  • turn off your computer as soon as possible
  • open it and remove the hard drive, pack it shock-safely and ship it to this address:
    Klim Baron Business Solutions Sp. z o.o.
    Ransomware Team
    ul. Swiety Marcin 29/8
    61-806 Poznań, POLAND
  • make sure to attach the paper with your invoice data (if you want an invoice), and address, where to ship back the disk after analysis
  • instead of shipping the physical drive, you can make the full image of each partition and share only the image files (in fact, this is the preferred method for us, and you get 25% discount on the below prices for sharing only the image instead of sending the physical drive)
  • we will upload the encrypted archive with recovered files to Dropbox - and you'll get the password right after payment

Pricing

  • $80 (+applicable taxes) for analysis, no matter if we're able to recover anything (there is no guarantee, however in over 99% cases we are able to recover at least some files, see below for the details)
  • $20 (+applicable taxes) for each hour of manual work (if you have any special requests)
  • shipment fees (depend on country) - optional, if you want to get your drive back
In simpler cases we are able to recover 100% of your files.

In more complicated cases, where your files were encrypted using strong and properly implemented encryption, we can still recover:

  • deleted files, that weren't overwritten yet (we use 3 different algorithms to recover them!)
  • email software profiles (eg. Outlook, Thunderbird)
  • SQL Server and other databases
  • files, that the virus wasn't able to encrypt (eg. on different Windows account)
  • recently changed Microsoft Word/Excel documents (without original file names)
  • recently opened Microsoft Outlook email attachments
  • browser history and cached files
  • Shadow Copy backups, if previously enabled and not deleted by the virus
  • files with unusual extensions, mostly with keys/passwords, license/activation data, program settings etc.

Any questions? Feel free to email us directly at help@wannacrypt.com.