Welcome to
Help Desk

Product Updates
Training
Support
Ideas Contact Support

Within the past few years, the focus of many security teams has been shifting from pure prevention of cyber-attacks to richer detection and response/recovery capabilities. With the Snapshot-Based Ransomware Recovery tool, domain administrators can access their data on a snapshot within 15-30 minutes and recover them within minutes (for small folders) or hours (for very large folders). The snapshots of the domain's data are taken automatically every four hours and are kept for two weeks. The snapshots of the domain's data are taken according to the following schedule:

  • Within the previous 7 days, every 4 hours (6 snapshots per day)
  • Within the previous 8-15 days, every 12 hours (2 snapshots per day)
  • Within the previous 16-30 days, every 24 hours (1 snapshot per day)

The Snapshot-Based Ransomware Recovery is included with the Platform Enterprise plan and GxP with Governance Plan. The feature is also available as an add-on for Platform and Enterprise Lite plans.

For more information regarding Snapshot-Based Ransomware Recovery, read below.

Secure & Govern Ransomware Restore

Issue Reviewers can now restore affected files, for probable ransomware detections, directly from Secure & Govern’s Issues Viewby doing the following:

  1. Log into Secure and Govern.
  2. Go to the Issues view.
  3. Select an "Open" Probable Ransomware issue.
  4. Select Remidate to see the dropdown options.

    Secure_and_Govern_Ransomware_Recovery_1.png

  5. Select Restore Content.

    • If the user does have the proper permissions to restore content in Collaborate (skip to step 13).

    • If the user does NOT have the proper permissions to restore content in Collaborate, the restore content modal will appear.


      Secure_and_Govern_Ransomware_Recovery_5.png

  6. Select Assign.

    Secure_and_Govern_Ransomware_Recovery_2.png

  7. Select the “Administrator” that is needed to complete the snapshot restore action within Collaborate.
  8. Enter any desired Notes.
  9. Select Restore and the email notification is sent to the Administrator.

    Secure_and_Govern_Ransomware_Recovery_9.png

  10. The Administrator is now assigned to the issue within Secure & Govern and can open the issue directly by clicking on View Issue Details.
  11. Select Remediate to see the dropdown options.

    Secure and Govern_Ransomware Recovery_1.png

  12. Select Restore Content.
  13. Once the Issue Reviewer has the proper permissions to restore the content in Egnyte Collaborate, the user will be automatically sent to the “Snapshot Restore” view within Egnyte Collaborate with the recommended snapshot(s) to restore (highlighted in RED).

    Secure_and_Govern_Ransomware_Recovery_6.png

  14. The Collaborate Administrator restores all the affected folders and files within Egnyte Collaborate (see Collaborate Ransomware Restore Process).
  15. Once the folders and files have been restored, the Issue Reviewer closes the issue by using the Mark as Resolved action found under the Close button.

    Secure_and_Govern_Ransomware_Recovery_7.png

  16. The issue is then automatically moved to Resolved status.

Frequently Asked Questions

How Do I Know Which Snapshot to Choose?

The recommended snapshot recovery date can be found by reviewing the Probable Ransomware issue within Secure & Govern and using the "Issue Detected" date or "Issue Updated" date.

For a user's first Ransomware detection, the "Issue Detected" date should be used to determine the recommended snapshot recovery date. 

Secure_and_Govern_Ransomware_Recovery_4.png

For users that experience more than one Ransomware attack, the main "Issue Date" should be used to determine the recommended snapshot recovery date.

Secure_and_Govern_Ransomware_Recovery_8.png

The "Issue Detected" and "Issue Updated" dates and times should only be used as a recommended snapshot recovery date. Egnyte recommends selecting a snapshot that occurs prior to the "Issue Detected" and "Issue Updated" dates and times.

How Do I Know Which Folders and Files are the Highest Priority to Recover?

The recommended snapshot recovery folders and files can be found by reviewing the Probable Ransomware issue within Secure & Govern.

  • Navigate to the Issues view and select the Probable Ransomware issue.

    Secure_and_Govern_Ransomware_Recovery_3.png

  • Go to the Issue Details section and expand the Issues section.



  • Select EXPORT LIST OF AFFECTED FILES.
  • Use the file export list as a guide to determine the highest-priority folders and files.

More Information

See Snapshot-Based Ransomware Recovery

 

 

 

Was this article helpful?
0 out of 0 found this helpful

For technical assistance, please contact us.