Ransomware Removal

Has Your Business Fallen Victim to Ransomware?

Standing by 24/7. We are available anytime to take a call or request. We know your business needs help FAST, so we’re standing by.


Learn More

Ransomware Removal and File Recovery Experts

Is ransomware holding you hostage? Petronella’s Cybersecurity and Digital Forensics can help.  As seen on ABC, NBC, FOX, Spectrum, and Newsobserver. Call Toll Free 919-646-6051 anytime, 24/7. We understand you need help fast.

Fast Removal. We’ll diagnose the extent of the ransomware malware and eradicate Ransomware within a few hours, in most cases. We understand how important this is to your business.

File Recovery. Every situation is unique. Our team of elite cybersecurity experts is fabulous at restoring your files; FAST. Doing it without cybersecurity experts could result in permanent loss of your files; forever.

Don’t Pay the Ransom. Paying criminals a ransom in Bitcoin or other cryptocurrency doesn’t guarantee you’ll get your data back. Paying-up is a risk you don’t want to take. Let our experts handle the situation for you.

Trusted Ransomware Removal Experts. We have more 5 Star Reviews than any other provider in NC. Our trusted experts solve issues others cannot and work with businesses of all sizes – from small businesses to companies with hundreds of computers.

Specializing in helping businesses remove ransomware and restore encrypted files. Ready 24/7.

  • Emergency Services Available 24/7. Normal Help Desk hours are from 9am – 5pm M-F.  Severity Levels are described as the following:
  • Level 1 CRITICAL (4 hour resolution) Critical business impact: You are unable to use the application, resulting in a critical impact on operations. This condition requires an immediate solution. 
  • Level 2 ALARMED (8 hour resolution) Significant business impact. The application is usable but limited.
  • Level 3 IMPACT (12 hour resolution) Some business impact.  The application is usable with less significant features (not critical to operations) unavailable.
  • Level 4 MINOR (3-5 day resolution) Minimal business impact. The problem causes little impact on operations, or with reasonable circumvention to the problem has been implemented.
  • Level 5 TRIVIAL (Best Effort) No business impact. The problem causes no impact on operations, or a reasonable circumvention to the problem has been implemented.

Petronella’s CyberSecurity Group in the News

Craig Petronella, Cybersecurity Expert Explains What You Can Do to Avoid Ransomware.

Don’t Take Our Word for it! See Real Testimonials!

Craig Petronella, Cybersecurity Expert Explains What You Can Do to Avoid Ransomware.

Pricing Starting as Low as $2,890.00 per case.

Ransomware Services for Small & Mid-sized Businesses

  • Starting at $2,890.00 per case
  • 24/7 Standby
  • Professional security risk assessment & diagnostics
  • File recovery based on circumstances
  • Digital forensic investigations
  • Post recovery email and phone support

Ransomware Services for Enterprise Businesses

Best-in-industry pricing on every case.

  • 24/7 Standby
  • Professional assessment & diagnostics
  • File recovery based on circumstances
  • Digital forensic investigations
  • Dedicated post-recovery support services

Ransomware Updates/News

rEvil, Maze, Conti, Cring, GoldenEye, Jigsaw, Locky, Maze, NotPetya, Petya, Ryuk, Sodinokibi, Phobos, Wannacry, Betta, Dharma, Ryuk & Arrow Outbreaks Underway

ETH – A new iteration of the Dharma/CrySiS

After successful infiltration, ETH encrypts most stored files and appends filenames with the “.ETH” extension plus the developer’s email address and victim’s ID. For example, “sample.jpg” might be renamed to “sample.jpg.id-1E857D00.[name@domain.com].ETH“. Once data is encrypted, ETH generates a text file (“FILES ENCRYPTED.txt“), which is placed on the desktop, and opens a pop-up window.

Phobos – Dharma Ransomware Strains

Phobos renames all encrypted files by adding the “.phobos” extension plus the victim’s unique ID and an email address. For example, “1.jpg” might be renamed to a filename such as “1.jpg.ID-44447777. [email@email.com] .phobos” or “1.jpg.ID-44447777. [email@email.com] .phobos”. The email presented in the assigned extension varies. The virus encrypts data using AES cryptography and, after encryption, generates an HTML application (“Phobos.hta”) and opens it.


Discover more by listening to our podcast: