Egnyte Help Desk

Crypto (Ransomware) Recovery

The Crypto virus is a type of ransomware that encrypts files stored on your local or network drive so that they are effectively inaccessible to you. The ransomware was introduced in 2013 and is typically carried via email attachments. Once your files are encrypted, it then offers to decrypt the data if a ransom is paid. The ransomware can be particularly troublesome for customers once the encrypted data syncs to the cloud and down to other user devices.  Due to the nature of the encrypted files and ever evolving variations, it is impossible for us to detect the Crypto-encrypted files. Crypto encryption is not an Egnyte issue. In fact, with Egnyte versioning and retention policies, your files can be restored to their original state. While we’ve had 100% success rate in restoring customer’s data to date, the continued evolution of this ransomware is a risk for potential data loss.

 

What is Egnyte doing about Crypto?

In some cases, Egnyte is able to detect and block the affected user’s machine from uploading or syncing more files. This prevents rampant spread of the encryption to other files. However, this detection and blocking is not possible in all cases. We are continually enhancing the tools to recover and restore the customer’s files as quickly as possible from Crypto encryption.

 

How do I recover my Crypto encrypted data?

1. In most cases, encrypted files becomes the latest version of your files. With Egnyte's version control, you can revert to an older version or clean copy of the file using our Web UI.

2. Some variations of Crypto deletes the original file, which can also be recovered from Trash as long as the data is within the Trash retention window. Once the data is removed from Trash, it is no longer recoverable so it is important to report the issue as early as possible and ensure that your Trash retention policy window be adequately large.

3. If a large number of files are infected, our Support team can help recover the files for you by submitting a Support request. Send the following information to our Support team and we will revert the files based on the data you provided.

  • Username of the individual who got infected
  • Date when the files were uploaded to the cloud or date of infection. This information can be obtained by running an File Audit Report if your account has the feature enabled. If you do not have the audit feature, please let us know.


A typical revert process can take up to 2-3 business days.

 

 

Egnyte Community

Egnyte Community

Want to connect with other Egnyte users and our Egnyte team? Share ideas and ask questions in our Community.

Help Improve Egnyte

Every day we work hard to make Egnyte better with feedback from users to improve our products. Sign up to participate in Egnyte User Studies.