Q:Can SQL Server Recovery Kit recover data after an attack by a ransomware encryption?


SQL Server Recovery Kit can partially or fully recover information from .MDF/.NDF files of Microsoft SQL Server database files encrypted by ransomware viruses.

SQL Server Recovery Kit does not decrypt data.

In general, data decryption is not applicable in these cases.

However, SQL Server Recovery Kit can be useful in cases when the MDF file was partially encrypted. Typically, viruses only encrypt the header and/or beginning of files because of their large size. In these cases, if only the header or part of the MDF file was encrypted, SQL Server Recovery Kit can be helpful. The program analyzes all the data blocks and collected data structure in the file. Then, it recreates the original data structure and the data itself, if possible.

Microsoft SQL Server MDF file structure

Is it Possible to Recover Data from an MDF File after an Attack by a Ransomware Virus?

There is no guarantee that you can recover 100% of the data or some part of it by using the program. To get a definite answer to that question, you need to download the DEMO version of SQL Server Recovery Kit, specify the encrypted MDF file and wait for the analysis of the file to complete.

Upon completion of the analysis of the .mdf file in the DEMO version of the program, a full preview of the data that can be extracted from the file is available.


Recovery Toolbox's customer support department informs that usually ransomware programs only encrypt the header of the database file because of its large size. As a result, it is often possible to recover almost the entire data structure and almost all information from the source file.