Within the past few years, the focus of many security teams has been shifting from pure prevention of cyber-attacks to richer detection and response/recovery capabilities. With the Snapshot-Based Ransomware Recovery tool, domain administrators can access their data on a snapshot within 15-30 minutes and recover them within minutes (for small folders) or hours (for very large folders). The snapshots of the domain's data are taken automatically every four hours and are kept for two weeks.

The Snapshot-Based Ransomware Recovery is available only with the Platform Enterprise plan.

The feature is currently in the Limited Availability mode. Platform Enterprise customers can request to turn it on via their Customer Success Manager or their Customer Development Manager.

Currently, Snapshot-Based Ransomware Recovery can only be accessed within Collaborate. For more information regarding Snapshot-Based Ransomware Recovery, please read below

Frequently Asked Questions:

How do I know which snapshot to choose?

The recommended snapshot recovery date can be found by reviewing the Probable Ransomware issue within Secure & Govern and using the "Issue Detected" date or "Issue Updated" date.

For a user's first Ransomware detection, the "Issue Detected" date should be used to determine the recommended snapshot recovery date. 

mceclip1.png

For users that experience more than one Ransomware attack, The main "Issue Date" date should be used to determine the recommended snapshot recovery date.

mceclip0.png

The "Issue Detected" and "Issue Updated" dates and times should only be used as a recommended snapshot recovery date. Egnyte recommends selecting a snapshot that occurs prior to the "Issue Detected" and "Issue Updated" dates and times.

 

How do I know which folders and files are the highest priority to recover?

The recommended snapshot recovery folders and files can be found by reviewing the Probable Ransomware issue within Secure & Govern.

  • Navigate to the "Issues" tab and select the Probable Ransomware issue

mceclip3.png

  • Go to the "Issue Details" section and expand the "Issues:" section

mceclip4.png

  • Select "EXPORT LIST OF AFFECTED FILES."
  • Use the file export list as a guide to determine the highest priority folders and files.

More Information:

See Snapshot-based Ransomware Recovery