Wanna pay for criminals to get your data back? Think again and choose the legal option!

  • FREE ANALYSIS

    legal invoice

    payment by Paypal

    no Bitcoin required

24/7 Customer Support

help@wannacrypt.com

What can we recover for You today?

So it happened. Your data has been encrypted. If you don't want to pay the ransom, then you have basically two options: entrust recovery of this data to a company, which specializes in data recovery by performing such services several times a week - or try to recover them yourself, with a better or worse results, but without paying anyone. If you choose the latter, ask yourself a few simple questions, ideally before you start:

1. Which tools do you want to use? Have you ever used them? Do you have any action plan?

2. Do you want to recover the data to the same drive, or do you have a separate one?

3. Should the infected computer should be still turned on?

These questions are important, because Your data in original, unencrypted form, most likely are still on the disk - statistically means, the more free space was available on each partition, the more original data are still not overwritten. But if you:

- install any programs on the same drive

- try to recover the data to the same drive

- keep Windows running (or worse: rebooting) and writing various logs and other files

...then all these actions lead to further overwriting data that otherwise would be still recoverable.

What can we do better?

1. We have all the required knowledge, experience and necessary equipment, so that we do not make simple mistakes, which are easy to make, when you're very stressed and acting under the influence of emotions.

2. We don't work on original drive. At the beginning we make a copy ("image") of it and work only on this copy (replicated across 4 computers), so the original drive can be immediately transferred eg. for forensic analysis, or simply formatted and reused.

3. For SSD drives, we can access redundant areas (depending on the controller model), which can contain previous versions of original data - you can't do it yourself without specialized equipment.

4. We perform data recovery with 4 different algorithms, searching disk image in different ways, which significantly increases the chances of finding files in various unusual formats, eg. license keys.

5. But first of all...

SSD drives
Family on vacation (stock photo), partially damaged and repaired by our technology. Can you see the difference?

...we have our own, proprietary tools to rebuild damaged and incomplete files in various formats:

  1. - JPG photos
  2. - SQL Server databases (both MDF and BAK)
  3. - PST files from Microsoft Outlook
  4. - ZIP archives
  5. - VHDX containers with virtual drives from hypervisors like Hyper-V

On the picture beside you can see a sample of our technology: this picture was intentionally partially damaged (part of water area was overwritten with random data, and then repaired by rebuilding lower resolution data using JPG progressive data stream).

If you run an accounting/tax office...

Since 2013 we are the partners of major polish ERP systems manufacturers: Comarch SA (authorized for Comarch ERP Optima) and InsERT SA (authorized for Insert GT). We have a few years of technical experience with various ERP systems and basic domain knowledge within ERP, finance/accounting, logistics, manufacturing and document management areas - enough to perform and discuss details of complicated per-table data recovery cases, where full database recovery/rebuild is no longer possible (not only because of ransomware infection).

As probably the only company in Poland, we have proprietary tools to rebuild heavily damaged SQL Server databases, or extract data from them on per-table basis preserving relations.

InsERT Partner         Comarch Partner    

Tomasz Klim - Comarch ERP Optima technical authorization

I would like to try - what's next?

1. Click here to choose the ransom message that you see on your computer - you will see the recovery pricing adjusted to your particular virus type (that can vary from general pricing below).

2. Turn off the infected computer as soon as possible, remove the hard drive, pack it securely and prepare for shipment. Remember to attach shipment and invoice data inside (otherwise we won't be able to send it back).

3. Write us to help@wannacrypt.com, so you'll get the address, to which you should send the package with the drive (this address depends on your country, so if you found us after someone's recommendation, please don't simply reuse address given to them).

4. You can also send the entire server, if the whole RAID array (other than RAID1), or SAS drives have been encrypted. In case of RAID1, send just one of the drives.

5. Typical time of full analysis is around 36 hours per 1 Terabyte. Drives are processed in FIFO queue. Please notify us earlier, if you're interested in priority analysis (details below).

6. After full analysis, you'll get emails with invoice and link to download the recovered data. You can pay in Paypal, after recovering the data.

7. If we're unable to recover anything, the whole analysis is free, and you pay only for return shipment of the drive.


Service Price
Preliminary analysis
FREE*
Full analysis and data recovery (drive/RAID)
$190 / 1 SATA/SSD** drive up to 4TB***
Full analysis and data recovery (RAW image, uncompressed, each partition as separate file)
30% discount
Return shipment
$15 or more (depends on country)
Connecting/assembling additional equipment****
$20/h
Additional manual analysis*****
$80/h
Priority work (available 24/7)
+50% for all above prices

* - preliminary analysis is always free, regardless of whether you decide to entrust us with data recovery or not; you only pay for return shipping and any additional work

** - SAS drives, or RAID arrays other than RAID1, are supported only if you send the entire server, inside which they operated (and this server has to support booting from USB) - all drives inside RAID array are treated as 1 logical drive (so you pay only for 1 drive, not eg. 5)

*** - drives over 4TB are treated as 2 or more drives (multiple of 4TB)

**** - if you send the entire server, or external drive with unusual interface/power supply, and it needs additional connecting/assembling work (eg. drives packages separately from chassis)

***** - all additional manual analysis work is carried out after agreeing with the customer - we'll contact you first and suggest, what additional improvements we can do in your case (if any)