How to effectively restore data after a ransomware attack?

Backup: ransomware data recovery

Has your client just been the victim of ransomware?

To guarantee the fastest possible data recovery, consider differential restoration. Beemo offers several restore methods: full restore, disk image restore, folder restore, and also differential restore, which has many advantages.

In the case of ransomware, corrupted files are usually renamed with an “exotic” extension, making them fairly easy to identify. Most ransomware attacks begin with files of the same type, for example .docs, then .xls, .pdf, etc.
Ransomware does not necessarily encrypt all files, which is why it makes sense to restore only what has actually been corrupted: this is where differential recovery comes in!

With the details found in Beemo Academy Level II, you can first restore only the files that are critical to your customer’s business, then restore the remaining infected files as you go.

This guarantees your customer a quick recovery, as you avoid a possibly lengthy full restoration.

Beemo Academy / Differential restoration:
This feature is to be used when you want to restore files based on what already exists in the restore location. This allows conditional restores to be performed, which are particularly suitable in the case of ransomware attacks.
Each menu corresponds to the behaviour to be adopted in the following two cases:

If the file already exists:
– retain it
– replace it (default option, overwrites existing files)
– keep it if the modification date has not changed (compared to the version to be restored)
– replace it if it has been modified between the [date] and [date]

If the file doesn’t exist:
– create it (default option)
– do not create it

For example, if ransomware has encrypted the data on a machine (without modifying the file names), you can select the version of the files present in the backup preceding the attack, then:

– select “If the file already exists / keep it if the modification date has not changed” to restore only files that have been modified since the selected backup
– select “If the file already exists / replace it if the modification date is between [date] and [date]”, then indicate the time range during which the ransomware was executed: only files modified during the execution of the ransomware will be overwritten.

If ransomware has encrypted the data on a machine by changing the names of the files, select the version of the files present in the backup prior to the attack, and then restore only those that no longer exist:

– if the file already exists: keep it
– if the file doesn’t exist: create it (default option)
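
The option combinations above, modelled as an added example (this is not Beemo's code): a small Python function that works out which files each combination would write back. The policy names, `plan_restore` and the sample file set are constructed for illustration, and the model assumes the date-range option tests the modification time of the file currently on disk.

```python
from datetime import datetime

# Hypothetical labels for the "if the file already exists" menu options.
KEEP, REPLACE, KEEP_IF_UNCHANGED, REPLACE_IF_IN_WINDOW = range(4)

def plan_restore(backup, disk, if_exists=REPLACE, create_missing=True, window=None):
    """Return the sorted backup paths a differential restore would write.

    backup / disk map path -> modification time; window is (start, end).
    Assumption: the date-range option tests the mtime of the file on disk.
    """
    if if_exists == REPLACE_IF_IN_WINDOW and window is None:
        raise ValueError("the date-range option needs a (start, end) window")
    writes = []
    for path, backup_mtime in backup.items():
        if path not in disk:                      # "if the file doesn't exist"
            if create_missing:
                writes.append(path)
        elif if_exists == REPLACE:
            writes.append(path)
        elif if_exists == KEEP_IF_UNCHANGED:
            if disk[path] != backup_mtime:
                writes.append(path)
        elif if_exists == REPLACE_IF_IN_WINDOW:
            if window[0] <= disk[path] <= window[1]:
                writes.append(path)
        # KEEP: leave the existing file untouched
    return sorted(writes)

# Constructed sample data: one backup taken before the attack.
T0 = datetime(2024, 3, 1, 8, 0)
ATTACK = (datetime(2024, 3, 2, 2, 0), datetime(2024, 3, 2, 4, 0))
BACKUP = {"a.docx": T0, "b.xlsx": T0, "c.pdf": T0}

# Case 1: names unchanged. a.docx was encrypted during the attack,
# c.pdf was legitimately edited by a user afterwards.
IN_PLACE = {"a.docx": datetime(2024, 3, 2, 2, 30), "b.xlsx": T0,
            "c.pdf": datetime(2024, 3, 2, 9, 0)}
# Case 2: a.docx was encrypted and renamed, so the original name is gone.
RENAMED = {"a.docx.locked": datetime(2024, 3, 2, 2, 30), "b.xlsx": T0, "c.pdf": T0}

if __name__ == "__main__":
    print(plan_restore(BACKUP, IN_PLACE, KEEP_IF_UNCHANGED))
    print(plan_restore(BACKUP, IN_PLACE, REPLACE_IF_IN_WINDOW, window=ATTACK))
    print(plan_restore(BACKUP, RENAMED, KEEP))
```

On the constructed data, the unchanged-date option also overwrites c.pdf, the file a user edited after the attack, while the date-range option writes only a.docx.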
