What should you do immediately?
- disconnect affected devices from LAN/Wi‑Fi,
- stop automatic synchronisation and backup restores,
- keep the ransom note, file extensions and logs,
- write down which systems are business-critical.
When a ransomware attack has encrypted files, the first step is to stop taking blind actions. We secure the evidence and backups, document the attack symptoms, then assess a realistic route for data recovery or environment restoration.
Urgent ransomware incident
Have you lost data after a ransomware attack? Does a computer, server or NAS show extensions such as .locked, .encrypted, .crypt or .[email], and do files no longer open?
Dysk i Spółka – Data Recovery Laboratory specialises in ransomware incident analysis, safe recovery of critical files and support during business environment restoration after an attack.
We first secure storage media, backups and material for analysis. Only then do we assess whether recovery, decryption, backup use or reconstruction from storage devices is realistic.
We handle cases from all over Poland — storage devices, servers and NAS units can also be sent by courier after prior contact. In urgent cases, we can start the technical interview immediately after the report.
Fast technical decision
After the first conversation, we will tell you what to secure, what not to do and whether the media should be disconnected, brought to the laboratory or prepared for shipping.
Service scope
Honest rules
We do not promise magical decryption. First we stop the incident, secure copies, check storage media and only then indicate realistic paths for recovery or environment rebuild.
Warning signs
After ransomware, the same signals usually appear: files change names, cannot be opened and the system shows payment instructions. The key is not to overwrite traces and not to make the situation worse in production, backups or snapshots.
If documents and photos do not open and their names or extensions have changed, do not run “repair” tools and do not reinstall the system.
Disconnect the computer from the network, keep the note, sample files and logs. These elements help distinguish data recovery from environment rebuilding.
Do not restore backups to the same resource without a plan. First we need to establish when encrypted data started being written and whether snapshots are intact.
Work process
We briefly establish the symptoms, attack type and most important systems.
We verify the ransomware type, encryption scope and recovery options. Standard diagnosis costs 0 PLN.
We assess damage scale, decryption options and recovery potential from other data layers.
After analysis, we present realistic options and a clear range based on scale and data type.
We work on secured copies, recover possible data and provide a clear report with limitations.
Accounting offices, medical practices, trading companies, lawyers, photographers, filmmakers and small to medium businesses using NAS/Synology/QNAP/Dell/HP systems.
Family photos, documents, professional material and private archives.
B2B scenarios
In a business ransomware incident, the first step is to secure material for analysis: encrypted files, ransom notes, media, backups and environment information.
If the incident involves accounting, ERP, SQL, NAS shares or RAID arrays, tell us during the first contact which systems are critical, which backup is the last known-good one and what actions were taken after the attack.
Why us
FAQ
Often yes — it depends on the encryption variant and the condition of the storage media. We start with securing the material and creating a sector copy for analysis.
Disconnect the device from the network, do not run “repair” tools, do not reinstall the system and contact the laboratory.
Yes. We create media copies, analyse the data structure and choose the recovery method according to the attack scenario.
Secure the data first. Cleaning without copies can remove artefacts needed for recovery or incident analysis.
Incident report
Dysk i Spółka – Data Recovery Laboratory, Warsaw — Białołęka. We accept media from all over Poland, including by courier. We provide a confidential data handling process and sign NDAs on request.