Technical advisory and custom decryption services for businesses, insurers and incident responders
We can help your organization to:
We move fast to help our clients recover their systems and get back to business in the shortest possible time. Our team of elite ransomware experts can:
Advise whether no-cost recovery is possible using existing decryption tools.
Significantly reduce recovery times in incidents involving:
Replace buggy or slow attacker-supplied tools with custom solutions that decrypt up to 50% faster with less risk of data loss.
Create workarounds that can be used to significantly reduce the ransom.
Reverse engineer attacker-supplied tools to ensure they are safe and malware-free.
Provide impeccable support, a high degree of flexibility and straightforward pricing.
Note: We do not negotiate ransoms or facilitate the payment of demands.
Our services are available on a per-incident or retained basis. Contact us to learn more.
Many, many thanks for all of your assistance
You jumped right in and, without any prior relationship, pulled out all of the stops to assist us. Fabian not only worked the entire night, he also worked a few miracles. The decryptor program saved us countless hours and headaches, and it enabled us to bring the majority of our systems back on-line for the start of business in the U.S. this morning.”
We reverse engineer the ransomware to look for potential bugs that either allow for free decryption or make decryption impossible due to data being intentionally or unintentionally corrupted.
We reverse engineer the ransomware decryptor to extract keys and add support to our superior in-house decryption tool. We analyze the decryptor to check for backdoors hidden by the ransomware authors and look for bugs that might damage or corrupt data during decryption.
We can optionally provide managed and unmanaged endpoint and server protection, which is effective not only against ransomware, but all types of malware.
If you require ransomware expertise on an ongoing basis, you may wish to consider retaining our services, which gives you continuous access to a wide range of ransomware-related services.
Built by the world’s leading ransomware experts, our decryptors are engineered to ensure data integrity and efficient system recovery.
Ideal for remote deployment in enterprise environments. Our tools can decrypt large amounts of affected systems with minimal supervision.
Aggressive multi-threading and hardware acceleration of common cryptographic routines result in superior performance.
Instead of overwriting encrypted data, our tools operate on copies of data. The original data is preserved, which eliminates the need to create backups.
Ideal for organizations what wish to avoid creating images or backups of encrypted data or are low on storage.
Proper reporting of all operations, including which files decrypted correctly and which did not, in either a human-readable format or a structured log (JSON) for convenient automated parsing.
Including files encrypted by multiple different ransomware families.
Allows for the same tool and key file to be deployed to all machines, no matter whether the threat actor supplied one decryptor for all machines or one decryptor for each machine.
Ability to decrypt certain drives, folders, or files first to ensure the most important files are recovered first.
Proper handling and preservation of permissions and timestamps if possible.
Emsisoft decryptors support files with paths longer than 260 characters and all file sizes.
All Emsisoft branding can be replaced with your company’s name.
If the decryptor is missing certain functionality that would make your client’s restoration project easier, please inquire about customization options. Depending on requirements, there’s a good chance we can provide a tailored solution on short notice.
File decryption is almost always limited by the speed of the storage that files are decrypted from and to. A modern CPU can easily decrypt 10 GB of data per second, but most organizations will not have storage that is anywhere near that fast.
To decrypt files, our tools need to, approximately, read every file once and write it once.
Clients can benchmark their storage, get their read and write speeds, and then create an estimate specific for their setup using the formula: Amount of data encrypted / read speed + amount of data encrypted / write speed.
As a rough guideline, given commodity hardware, our tools will decrypt about 180 GB of data per hour on mechanical hard disks, about 1 TB per hour on SSDs, and about 3.5 TB per hour on NVMe drives.
Instabilities, improper handling of permissions, problems with long paths over 260 characters, problems with files larger than 4 GB.
Reverse engineering is required to determine whether a decryptor is backdoored
Implementation errors can lead to irreversible data loss. Multiple ransomware families are known to damage files on decryption.
Often inconvenient to use and require users to interact with GUIs or text-based menus, which make it difficult to decrypt many systems in parallel.
Partial decryption is often not possible, which means everything that comes before the important data must be decrypted first.
Emsisoft has been leading the global fight against ransomware for the past eight years. We collaborate with law enforcement agencies to interrupt cybercriminals’ revenue streams and our ransomware decryption tools have helped individuals and organizations avoid more than $1 billion in ransom demands.
We have broken more ransomware families and created more decryptors than anyone else in the industry and know how to navigate the pitfalls associated with decryptor development. Europol’s No More Ransom Project named Emsisoft as its largest provider of ransomware decryptors.
Known in the industry as one of, if not the, best ransomware expert.” – BBC News. Fabian has discovered decryption mechanisms for more strains of ransomware than anyone else on the planet.
Described by ProPublica as a “Ransomware Superhero” and recipient of the FBI Director’s Community Leadership Award for his work on ransomware decryption.