What to do if a protected machine is infected with Ransomware

Scope

This article describes the steps you can take if a server becomes infected with Cryptolocker, CryptoWall, or any other ransomware.

Background

Datto's 2016 report illustrates the state of ransomware among small and medium-sized businesses as well as predictions for the future:

You should also review the Datto Disaster Recovery Guide.

Procedure

The type of restore you need depends on whether the infection has affected data, the OS, or both. If only a data volume is affected, you can perform a file restore. If the infection is more widespread and has reached the OS, you will need to perform a Bare Metal Restore.

Start with the most recent recovery point and work your way back:

  • Use the Direct Restore Utility to check your recovery points for evidence of the infection.
  • Find the most recent "clean" recovery point to restore your files.
  • If the infection has reached the OS of a system, you will need to perform a Rapid Rollback or Bare Metal Restore of the most recent clean recovery point.
  • If ransomware has infected a snapshot-enabled NAS share on your Datto device, you can perform an iSCSI rollback.
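The newest-to-oldest search described above can be partly automated. This is an added example, not Datto tooling: it assumes each recovery point has been mounted or exported to a local directory, that labels sort chronologically, and all function names are hypothetical. It flags files whose leading bytes no longer match their extension, a common sign of encryption.

```python
import os
import tempfile

# Well-known file signatures (leading bytes) for common document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def suspicious_files(root):
    """Return files under root whose header does not match their extension."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # extension this check cannot judge
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(magic))
            except OSError:
                head = None  # unreadable: flag for manual review
            if head != magic:
                hits.append(path)
    return hits

def latest_clean_point(points):
    """points: (label, mounted_path) pairs. Return the newest label with no hits."""
    for label, path in sorted(points, reverse=True):  # newest first
        if not suspicious_files(path):
            return label
    return None  # no clean point found in the supplied set

def build_demo(base):
    """Constructed sample: three recovery points; the two newest hold an encrypted file."""
    bodies = {"2016-05-01T0200": b"%PDF-1.4 ok", "2016-05-02T0200": b"\x8f\x11\xa0\x03zz",
              "2016-05-03T0200": b"\x02\xfe\x91\x7fqq"}
    points = []
    for label, body in bodies.items():
        root = os.path.join(base, label)
        os.makedirs(root)
        with open(os.path.join(root, "invoice.pdf"), "wb") as fh:
            fh.write(body)
        points.append((label, root))
    return points

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(latest_clean_point(build_demo(tmp)))
```

A clean result is a filter, not proof: ransomware that renames files removes the extensions this check relies on, so also compare counts of known file types between recovery points.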

Once you've identified a healthy data set, you can proceed with restoration.

As always, feel free to reach out to Technical Support if you need more help.

