The Crypto virus is a type of ransomware that encrypts files stored on your local or network drive so that they are effectively inaccessible to you. The ransomware was introduced in 2013 and is typically carried via email attachments. Once your files are encrypted, it then offers to decrypt the data if a ransom is paid. The ransomware can be particularly troublesome for customers once the encrypted data syncs to the cloud and down to other user devices. 

Due to the nature of the encrypted files and ever-evolving variations, it's impossible for us to detect the Crypto-encrypted files. Crypto encryption is not an Egnyte issue. In fact, with Egnyte versioning and retention policies, your files can be restored to their original state. While we’ve had a 100% success rate in restoring customer’s data to date, the continued evolution of this ransomware is a risk for potential data loss. 

What is Egnyte doing about Crypto?

In some cases, Egnyte can detect and block the affected user’s machine from uploading or syncing more files. This prevents the rampant spread of encryption to other files. However, this detection and blocking are not possible in all cases. We continually enhance the tools to recover and restore the customer’s files as quickly as possible from Crypto encryption.

How do I recover my Crypto encrypted data?

  • In most cases, encrypted files become the latest version of your files. With Egnyte's version control, you can revert to an older version or clean copy of the file using our Web UI.
  • Some variations of Crypto deletes the original file, which can also be recovered from Trash as long as the data is within the Trash retention window. Once the data is removed from Trash, it is no longer recoverable, so it is important to report the issue as early as possible and ensure that your Trash retention policy window is adequately large.
  • If a large number of files are infected, our Support team can help recover the files for you by submitting a Support request. Send the following information to our Support team, and we will revert the files based on the data you provided:
    • Username of the individual who got infected.
    • Date when the files were uploaded to the cloud or date of infection. This information can be obtained by running a File Audit Report if your account has the feature enabled. If you do not have the audit feature, please let us know.
Note: A typical revert process can take up to 2-3 business days.