Recover from a Ransomware Attack with Egnyte’s Self-Service Feature
Ransomware is on the rise and shows no signs of slowing. In the past year alone, major ransomware attacks have hit just about every major industry, including health care, physical infrastructure, digital infrastructure, and food.
It’s no longer a matter of if, but when an organization will be attacked, which is why most companies now spend considerable resources to defend against ransomware attacks.
File recovery is one of the major pillars of any ransomware strategy because businesses need to get up and running as quickly as possible after an attack. If you are an IT administrator or manager and your company has been hit by a ransomware attack, you need to act quickly to resume business operations and save money.
Egnyte supports multiple recovery approaches to accommodate your business’ specific needs, and in this post we’ll show you how to recover without the intervention of a team of experts.
Why You Should Use Egnyte for Ransomware Recovery
Given the rising level of threats, you likely have a ransomware defense strategy in place—and if you don’t, get one ASAP. Egnyte complements your ransomware response plans in every phase.
Preparation. Egnyte supports two-factor authentication to help prevent credential compromise. Within the platform, you can also delete old, unneeded files to reduce your exposure. And you can limit a user’s access so they can only view or open the files needed to do their job, which reduces the “blast radius” of a ransomware attack.
Detection. Egnyte detects artifacts of active ransomware attacks, such as ransom notes, encrypted tile extensions, and other traces. In addition, the Egnyte Enterprise plan also adds detection of unusual behavior that might indicate a ransomware attack in progress.
Response. No matter which plan you are on, Egnyte will send an email alerting you of the situation. Using SMS gateways, you can also get text message alerts on your mobile phone. In most cases, your administrator will be able to immediately suspend an offending user account on Egnyte with a single click. In some cases of extremely high confidence of attack, Egnyte will do it automatically for Enterprise customers.
Recovery. Most ransomware response plans stop at the response stage, but Egnyte goes further because it can also help you recover from an attack. In fact, recovery is what sets Egnyte apart from other cybersecurity solutions. A typical ransom demand may be hundreds of thousands of dollars. Meanwhile, restoring 1 TB of data over a 200 Mb/s link can take over 11 hours. With Egnyte, you can avoid paying the ransom or losing a full work day.
Egnyte offers three recovery solutions, each tailored to different use cases. That way, you are covered whether you are a small team suffering from an individual attack, a small business with outsourced IT capabilities, or a large company with your own IT staff.
How To Use Egnyte for Self-service Ransomware Recovery
In the case of a small-scale attack of one user and a few files, your finance specialist, designer, sales person, or manager can recover their own files individually, without help from IT.
Select the Version You Need
To start, select the files in question, and right-click to pull up a menu of options.
After selecting Versions & History, another screen shows all the stored versions of that file that Egnyte has captured since the file was created. The user simply looks at the date and time of each version and selects the one they want to “make current.” The system immediately restores that version and the user can begin working with it right away.
Snapshots are captured every few minutes or hours (depending on activity) and are typically stored for at least two weeks. Even if the previous version of the file you want has also been encrypted, you can always go back further to find a version you can use. Note that this is not only useful for ransomware recovery, but also any time a user decides to go back to a previous version of a file for any reason.
Call Egnyte for Help
The manual process above works well for individual users with a few files to recover but becomes tedious when recovering large numbers of files.
In that case you can call Egnyte Professional Services for assistance, and they can quickly restore entire file structures. No matter your business size or the number of folders and files to restore, Egnyte’s security team can usually restore your information in a short time.
Restore Through Snapshots
Alternatively, if you have the Enterprise plan, your administrator can use the snapshot restoration tool to do bulk recovery of large file structures.
The process is straightforward. You select a point-in-time snapshot of the folder structure taken before the ransomware attack and mount it into the preview screen. From the preview screen, you can then go in and verify the files and select folder structures to be restored. Finally, the folders are restored to the same locations as the folders that were corrupted by ransomware.
Here is how it works. First, in the Settings menu, click on the Restore tab.
Select +Preview Snapshot to begin a new snapshot. On this screen, you can select the date you believe the ransomware attack started.
Once you select the date, Egnyte provides a list of all snapshots taken that day. The number and frequency of snapshots varies, and is determined automatically by the amount of activity in your files. Select one that was taken slightly prior to when the ransomware attack started. (Don’t worry, you can always go back or forward in time if you missed it.)
After selecting a snapshot, Egnyte takes a few minutes to mount the snapshot for your review. You will see the progress in the table, and you can have multiple snapshot jobs running at once.
After the snapshot is mounted, you can go into the view and review the folders and files you want to restore.The view looks like the familiar Egnyte file structure but includes boxes to select multiple folders.
You can open any file to verify that the snapshot is from before the ransomware attack. Once you are satisfied that you want to restore a folder, check the corresponding box to the left of the file icon.
When ready, select Restore to begin the restoral process.
The actual snapshot restoration can take anywhere from a few minutes to over an hour, depending on the number of files. However, behind the scenes, Egnyte is simply reconstructing the connections to older file versions rather than copying files. It is always much faster than if you tried to copy files from a backup yourself.
Once the folders and files are restored, you’ll see the restored folders appearing beside the current folders in your file view.
As a precaution, Egnyte does not delete any files. The encrypted files are still there for you to delete when you choose.
And that’s it. You now have three ways to easily restore your files, without hiring an army of support staff or waiting days or weeks to recover. You can restore a few files manually, you can call Egnyte for help, or you can use the Egnyte Snapshot recovery tool. Egnyte’s robust set of tools complements your ransomware risk management strategy, from preparation and detection to response and recovery.
Egnyte also makes ransomware recovery fast, easy, and comprehensive, reducing disruption to your business and reducing your risk and costs. Contact your Egnyte representative today for more information.