This article describes what steps you can take in case a server becomes infected with Cryptolocker, CryptoWall, or any other 'ransomware.'
Datto's 2016 report illustrates the state of ransomware among small and medium-sized businesses as well as predictions for the future:
You should also review the Datto Disaster Recovery Guide.
The type of restore you need to do depends on whether the virus has infected data, the OS, or both. If a data volume is infected, you can perform a file restore. If the virus is more widespread and has infected the OS, you will need to perform a Bare Metal Restore.
Start with the most recent recovery point and work your way back:
- Use the Direct Restore Utility to check your recovery points for evidence of the infection.
- Find the most recent "clean" recovery point to restore your files.
- If the infection has infected the OS of a system, you will need to perform a Rapid Rollback or Bare Metal Restore of the most recent clean recovery point.
- If ransomware has infected a snapshot-enabled NAS share on your Datto device, you can perform an iSCSI rollback.
Once you've identified a healthy data set, you can proceed with restoration.
As always, feel free to reach out to Technical Support if you need more help.