Price by failure type
| Failure type | Typical symptom | Lab time | Price range |
|---|---|---|---|
| Accidental deletion / reformat | Files deleted or drive showing as empty | 1–2 days | €150–€280 |
| Logical corruption / file system damage | Drive asks to be formatted, files invisible | 2–3 days | €180–€450 |
| Ransomware-encrypted data (no key) | Files renamed with encryption extension | 3–7 days | €300–€900 |
| HDD bad sectors / firmware fault | Slow access, SMART errors, click-of-death | 4–7 days | €400–€900 |
| HDD head or platter damage (clean-room) | Mechanical noises, disk not detected | 7–15 days | €800–€2 400 |
| SSD / NVMe controller failure | Disk not recognised, zero capacity | 5–10 days | €600–€1 800 |
| RAID array rebuild (2–4 disks) | Array degraded or inaccessible | 5–12 days | €900–€2 800 |
| Water or fire damage | Physical exposure, smell, corrosion | 10–20 days | €1 200–€3 200 |
| Mobile phone / tablet recovery | Screen dead, not booting | 5–12 days | €250–€900 |
All values incl. TVA 17 %.
What is included in the price:
- In-lab diagnosis and report
- Bit-level imaging of the source media to a working copy
- Recovery attempt on the working copy (not the original)
- Delivery of recovered data on a new USB drive or NAS share (the drive is part of the bill, typically €25–€45)
- Written chain-of-custody log for GDPR-sensitive data
- 30-day retention of the recovered data on provider servers (optional)
What is not included:
- Replacement media for the failed drive (must be bought separately or included as an option)
- Recovery of content that was encrypted and where the key is lost (impossible)
- Recovery of data that was never written (mistaken request about files that did not exist)
- On-site emergency retrieval of a running server (premium €200 to €500 call-out charge)
Ransomware specific notes:
- Reputable Luxembourg providers will not pay ransoms on your behalf; paying is a last-resort choice that remains a criminal-justice matter
- For older or weaker ransomware strains (Nefilim, Djvu, some Hive variants), publicly available decryptors work; a provider can try before quoting full recovery
- Recovery from a recent, uncompromised backup is always cheaper than ransom negotiation
The diagnosis step and chain of custody
Every serious job starts with a paid diagnosis. In Luxembourg the fee is €60 to €120 and takes 1 to 3 business days. The output is a report listing: (1) detected failure mode (logical, electronic, firmware, mechanical), (2) estimated success probability as a band, (3) price to proceed, and (4) expected turnaround. If you decline to proceed, the diagnosis fee stays owed; if you proceed, it is credited against the job.
What happens physically during diagnosis:
- Provider receives the drive by courier or drop-off at their office in Luxembourg-Ville, Esch-sur-Alzette, or Ettelbruck
- A signed receipt is issued, referencing serial number, visible condition, and accompanying cables
- An identical-size spare drive is sourced; a bit-level image is attempted via PC-3000 or DeepSpar
- If the source won't image directly, the failure mode is identified by read-head test or firmware interrogation
- A report is generated — typically 1–2 pages — and sent by encrypted e-mail or customer portal
Chain of custody — GDPR-critical:
- Any Luxembourg business handling data subject to GDPR must sign a Data Processing Agreement (DPA) with the recovery provider before work begins
- The DPA specifies: data categories involved, retention limits, transfer safeguards (where Luxembourg-based providers may sub-contract clean-room work to specialist labs outside LU), and destruction certificates
- A responsible provider logs every physical handoff (receipt, lab entry, clean-room entry, return) on the customer portal with timestamps
- Upon completion, the provider returns the recovered data plus a certificate of destruction for any copies retained during the process
Privacy red flags to refuse:
- Lab asks you to send a copy of your ID card before diagnosis — unnecessary; a signed receipt is enough
- Lab refuses to sign a DPA — disqualifying for any GDPR-regulated data
- Lab operates with an informal office, no published address, no cleanroom photos — may be a reseller that ships abroad without disclosure
- Lab pressures for up-front payment without a diagnosis — legitimate outfits price only after diagnosis
When to try software yourself, when to stop
Not every data loss needs a lab. Some scenarios are safe to attempt yourself with a consumer recovery tool; others make the damage permanent. The rule of thumb is simple: if the drive makes unusual sounds, fails to power on, or was exposed to water or fire, power it off immediately and call a professional.
Safe to try yourself:
- Accidental deletion of photos, documents, videos where the drive still mounts normally
- Reformatted USB stick or SD card that still mounts
- Emptied recycle bin or Time Machine snapshot gone
Recommended tools (licensed, free trial):
- Disk Drill (macOS and Windows) — strongest UI, free trial shows recoverable files, licence from €60 for personal use
- R-Studio — professional feature set, licence from €80
- Photorec (open source) — free, command-line, strongest at JPEG and RAW formats
- Recuva (Windows only) — free basic version, good for simple deletions
Step-by-step procedure (consumer case):
- Stop using the drive immediately — every write risks overwriting recoverable data
- Connect the drive to a different computer where it is not the boot drive
- Image the drive to a second external disk with the tool's sector-by-sector copy feature
- Run the recovery tool against the image, not the original
- Export recovered files to a third location (never the source)
When to stop and call a professional:
- Drive makes clicking, grinding, or beeping noises — these are mechanical symptoms, every further spin destroys more data
- Drive does not appear in system, not even in disk management or diskutil
- SMART status is CRITICAL or the drive is pre-failure
- Data was on a drive exposed to water, fire, or sustained drop
- You need forensic-quality chain of custody (legal matter, insurance claim, GDPR incident)
Why DIY recovery often fails:
- Consumer tools bypass the drive's firmware abstraction only at surface level
- They cannot reinterpret corrupted translation tables or defective head mappings
- They continue to operate on the original even when configured for image mode, if the drive has silent read errors, and each read weakens the media further
- Recovery of a single Word document you deleted is not worth a €600 lab bill — but a failing 2 TB photo library from 15 years is
Prevention: backups that cost less than recovery
Every data recovery professional in Luxembourg makes the same point: the €600 average recovery bill would have been avoided by a €5-per-month backup subscription. The 3-2-1 rule — 3 copies, on 2 different media, 1 off-site — is the baseline professionals and regulators both recommend.
Budget-grade setup (€5 to €15 per month):
- Apple iCloud, Google One, or pCloud Switzerland-based subscription, 200 GB for €3 to €4 per month, 2 TB for €10 per month
- Swiss-hosted pCloud is popular in Luxembourg because of comparable GDPR-equivalent privacy regime
- Time Machine on macOS to a local 4 TB drive (€90 one-off) plus the cloud service
- Windows users: File History to a local drive plus OneDrive for Business (€5/month)
Business-grade setup (€40 to €120 per month per 1 TB):
- Backblaze B2 or Wasabi hot storage at €5 to €6 per TB per month of storage, plus egress fees
- Synology NAS (2-bay starts at €300 purchase) running Active Backup for Business, writing daily encrypted snapshots of all endpoints to Backblaze B2
- Veeam or MSP360 managing enterprise endpoint backups with retention rules
- 12-month retention, 1-year RPO test restore, documented in your ISO 27001 or SOC 2 evidence pack
Critical gotchas:
- An external hard drive sitting on the shelf next to the computer is not a backup — a house fire, theft, or ransomware destroys both
- Syncing to iCloud or Dropbox is not a backup — deletion and corruption propagate. Real backup requires versioning
- A backup you have never restored from is not a backup — test restore at least annually
- Ransomware backup strategy needs an immutable tier (S3 Object Lock, Wasabi immutable) to defeat encryption attacks
The economic argument in numbers:
- Average recovery bill for severe HDD failure: €1 200
- Two years of pCloud Family 2 TB: €240
- Ratio: 5x savings if backups are used and the recovery never becomes necessary
- Plus: immediate access to data after a failure (same-day from backup vs 7–15 days from recovery), which for any business is the bigger win
How to pick a provider in Luxembourg
Data recovery in Luxembourg is served by three tiers of provider. Most IT stores offering a recovery service are tier 3 (resellers); tier 1 is rarer but worth the price for critical cases.
Tier 1 — specialist recovery labs with in-country clean-room:
- Full in-house hardware capability (PC-3000 bench, ISO 5 clean-room, HDD head-swap tooling)
- Multilingual front-line (French, German, English, Luxembourgish)
- Written chain-of-custody and DPA as standard
- Price is at the upper end of ranges; turnaround fastest
- Best for: critical business data, regulated sectors, legal or insurance matters
Tier 2 — regional recovery partners:
- Diagnose and lab-level recovery (logical and some physical) in-house
- Ship severe mechanical cases to a Benelux or German partner clean-room
- Reasonable price, moderate turnaround (add 3–5 days for shipped jobs)
- Best for: personal and small-business data, non-regulated sectors
Tier 3 — IT retailers offering recovery as side service:
- Often run free consumer recovery software on your drive — occasionally successful, often makes things worse
- Ship everything beyond surface-level cases to a third-party lab with margin added
- Price transparency is poor; chain-of-custody usually informal
- Best for: low-stakes consumer recovery where budget and data value are both low
Questions that separate the tiers:
- Do you operate your own clean-room in Luxembourg, and can we see photos? (T1 yes, T2 no but partnered, T3 no)
- What diagnostic tools do you use? (PC-3000 and DeepSpar are the standard answers for T1 and T2)
- Can you sign a Data Processing Agreement before diagnosis? (T1 and T2 yes; T3 often pushes back)
- What is your no-data-no-fee clause exactly? (T1 and T2 precise and written; T3 often verbal)
- What success-rate stats have you published for the failure type I have?
Shipping vs dropping off:
- For any mechanical or clean-room case, hand-delivery or courier with signature and insurance is safer than regular post
- A T1 lab provides pre-paid courier packaging with shock absorbers and anti-static bag
- Your own packaging must include: anti-static bag, shock foam, sturdy outer box, and a signed inventory sheet inside
Pricing transparency red flags:
- A price given before diagnosis is a guess, not a quote — legitimate labs always quote after diagnosis
- Success bands like "95 % success rate" without qualifier are marketing; real success rates are failure-mode-specific
- A refusal to credit the diagnosis fee against a paid job is poor practice
- A premium of more than 50 % over the quoted range without a specific complication disclosed mid-job means renegotiate or walk
Data recovery in Luxembourg costs €150 to €2 400 depending on failure severity, with 80 % of cases resolved logically for €150 to €450. Pay the €60 to €120 diagnosis fee, read the resulting report carefully, and compare two quotes against clean-room capability, DPA terms, and no-data-no-fee clauses. For GDPR-sensitive data, refuse any provider that won't sign a DPA or won't document chain of custody. And above all, build a 3-2-1 backup habit — €5 a month beats a €1 000 emergency. Fynd.lu lists Luxembourg-based recovery specialists and managed-backup IT providers with GDPR-compliant practices. Request a diagnosis from one specialist and a backup proposal from one managed IT firm before deciding.
