Within the past few years, the focus of many security teams has been shifting from pure prevention of cyber-attacks to richer detection and response/recovery capabilities. With the Snapshot-Based Ransomware Recovery tool, domain administrators can access their data on a snapshot within 15-30 minutes and recover it within minutes (for small folders) or hours (for very large folders). Snapshots of the domain's data are taken according to the following schedule:
30-Day Basic Coverage
- 0-7 days, every 4 hours (6 snapshots per day)
- 8-15 days, every 12 hours (2 snapshots per day)
- 16-30 days, every 24 hours (1 snapshot per day)
90-Day Extended Coverage
- 0-7 days, every 4 hours (6 snapshots per day)
- 8-15 days, every 12 hours (2 snapshots per day)
- 16-30 days, every 24 hours (1 snapshot per day)
- 31-90 days, every 10 days (1 snapshot per 10 days)
- Snapshot-Based Ransomware Recovery is included with the Platform Enterprise plan and GxP with Governance Plan. The feature is also available as an add-on for Platform Business and Enterprise Lite plans.
- The 90-day extended snapshot coverage is available for customers on the Gen 4 Ultimate plan. Contact your account manager or the Egnyte Sales team for more information.
Secure & Govern Ransomware Restore
Issue Reviewers can now restore files affected by probable ransomware detections directly from Secure & Govern’s Issues View by doing the following:
- Log into Secure and Govern.
- Go to the Issues view.
- Select an "Open" Probable Ransomware issue.
- Select Remediate to see the dropdown options.
- Select Restore Content.
- If the user has the proper permissions to restore content in Collaborate, skip to step 12.
- If the user does NOT have the proper permissions to restore content in Collaborate, the restore content modal will appear.
- Select Assign.
- Select the “Administrator” that is needed to complete the snapshot restore action within Collaborate.
- Enter any desired Notes and click Restore.
- An email notification will be sent to that Administrator. The Administrator is now assigned to the issue within Secure & Govern and can open the issue directly by clicking on View all or the arrow for the specific item.
- Select Remediate to see the dropdown options.
- Select Restore Content.
- Once the Issue Reviewer has the proper permissions to restore the content in Egnyte Collaborate, the user will be automatically sent to the “Snapshot Restore” view within Egnyte Collaborate with the recommended snapshot(s) to restore.
- The Collaborate Administrator restores all the affected folders and files within Egnyte Collaborate (see Collaborate Ransomware Restore Process).
- Once the folders and files have been restored, the Issue Reviewer closes the issue by using the Mark as Resolved action found under the Close button.
- The issue is then automatically moved to Resolved status.
Frequently Asked Questions
How Do I Know Which Snapshot to Choose?
The recommended snapshot recovery date can be found by reviewing the Probable Ransomware issue within Secure & Govern and using the Issue Detected date or Issue Updated date.
For a user's first Ransomware detection, the Issue Detected date should be used to determine the recommended snapshot recovery date.
For users that experience more than one Ransomware attack, the main Issue Date should be used to determine the recommended snapshot recovery date.
The Issue Detected and Issue Updated dates and times should only be used as a recommended snapshot recovery date. Egnyte recommends selecting a snapshot that occurs prior to the Issue Detected and Issue Updated dates and times.
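The following added example (not Egnyte code) models the snapshot schedule above and picks the newest retained snapshot that falls before every issue date, along with the window of changes that restoring it would lose. It assumes snapshots are evenly spaced counting back from the current time, and the function names and sample dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Retention tiers from the schedule on this page: (maximum age in days, interval).
BASIC_30 = [(7, timedelta(hours=4)), (15, timedelta(hours=12)),
            (30, timedelta(hours=24))]
EXTENDED_90 = BASIC_30 + [(90, timedelta(days=10))]


def retained_snapshots(now, tiers):
    """Model the snapshot times still retained at `now`, newest first.

    Assumption: snapshots are evenly spaced counting back from `now`; the
    service's real clock alignment is not stated on this page.
    """
    snaps, t = [], now
    for max_days, step in tiers:
        while now - t <= timedelta(days=max_days):
            snaps.append(t)
            t -= step
    return snaps


def recommend_snapshot(now, issue_dates, tiers):
    """Newest retained snapshot strictly before every issue date, else None."""
    cutoff = min(issue_dates)  # earliest of Issue Detected / Issue Updated
    for snap in retained_snapshots(now, tiers):
        if snap < cutoff:
            return snap, cutoff - snap  # snapshot time, window of lost changes
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from a real issue.
    now = datetime(2024, 3, 31, tzinfo=timezone.utc)
    detected = datetime(2024, 2, 25, tzinfo=timezone.utc)
    for name, tiers in (("30-day", BASIC_30), ("90-day", EXTENDED_90)):
        print(name, recommend_snapshot(now, [detected], tiers))
```

In this model, an issue detected 35 days ago has no usable snapshot under 30-day coverage, and under 90-day coverage the closest clean snapshot is several days older than the detection, so the sooner an issue is reviewed, the less data the restore loses.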
How Do I Know Which Folders and Files are the Highest Priority to Recover?
The recommended snapshot recovery folders and files can be found by reviewing the Probable Ransomware issue within Secure & Govern.
- Navigate to the Issues view and select the Probable Ransomware issue.
- Go to the Issue Details section and expand the Issues section.
- Select Export list of affected files.
- Use the file export list as a guide to determine the highest-priority folders and files.