Ransomware Remediation: Recovery vs Removal

What are the differences between ransomware removal and recovery?

When researching how to remediate a ransomware infection it is important to clarify between two very popular search terms, ‘ransomware recovery’ and ‘ransomware removal’. Some data recovery shops purposefully obfuscate the two terms, but the differences are important and can meaningfully impact the strategy and cost of your remediation plan.

When vetting a data recovery consultant for help with your ransomware remediation plan be sure to understand if you need ransomware removal or ransomware recovery.

Screen Shot 2018-04-30 at 10.44.09 AM.png


Ransomware Removal

Ransomware removal deals strictly with removing the virus that encrypted your data. Ransomware removal does not include recovering the encrypted data.

When developing a ransomware removal plan one must identify how the ransomware got onto the machine, and how to ensure it has been properly removed.


Ransomware Recovery

Ransomware recovery deals with both recovering encrypted data and removing the ransomware virus. When recovering from a ransomware infection the implication is that you want to decrypt some or all of your data and you also want to ensure that the ransomware has been removed from any infected machines.

When developing a ransomware recovery plan it is important to prioritize the recovery and removal steps.

Our strategy for ransomware recovery can be found here.