How to use snapshots in FileSync to recover from a ransomware attack
Ransomware needs no introduction in 2020 and this tech doc explains how FileSync can recover your data in a few minutes after it has been encrypted in a ransomware attack.
The recovery process is done on the cloud console and will revert all your data to the last snapshot before the ransomware attack happened.
The data doesn’t need to be manually restored and will be automatically resynced back to your devices via the local software client.
No application on the planet can decrypt your data after it has become encrypted through a ransomware attack. If your data is replicated to multiple data centres and devices, the encrypted data will be synced to all your data locations. The result is that all your replicated data is unreadable and all you can do is restore your data from the last good backup.
What happens when your data is encrypted?
When a ransomware attack is successful it will encrypt the data on your device, and that encrypted data will be synced to the cloud. If you go to your cloud copy, that will be encrypted also.
FileSync works on the basis that only the last modified part of a file is synced to the cloud and that is the portion of the file which is encrypted.
To get around this awkward situation, all you need to do is make a previous FileSync snapshot of your data the most recent set. Before you do that though, now will be a good time to purge the malware which has caused the ransomware attack so that the new data isn’t also corrupted.
How FileSync can revert your encrypted data
Go to your cloud console
You can either go there directly or click on the affected library in the local client software and click on View on Cloud
This will take you directly to the cloud console.
Show all libraries
Clicking in the top left of the screen will show all your libraries on the right of the screen.
Click on the affected library.
Clicking on the clock icon in the top right of the screen will display the snapshot history of your library.
Select the snapshot to recover
The history windows will display the modification date of all your files. We will be reverting the entire library and not just the individual files.
Identify the last available date before your data was encrypted and click on View Snapshot
Click on Restore and the required snapshot date will be recovered. This change will be pushed out automatically to all your online devices.