Recover from a Ransomware Attack with Egnyte’s Self-Service Feature

Ransomware is on the rise and shows no signs of slowing. In the past year alone, major ransomware attacks have hit just about every major industry, including health care, physical infrastructure, digital infrastructure, and food.

It’s no longer a matter of if, but when an organization will be attacked, which is why most companies now spend considerable resources to defend against ransomware attacks.

File recovery is one of the major pillars of any ransomware strategy because businesses need to get up and running as quickly as possible after an attack. If you are an IT administrator or manager and your company has been hit by a ransomware attack, you need to act quickly to resume business operations and save money. 

Egnyte supports multiple recovery approaches to accommodate your business’ specific needs, and in this post we’ll show you how to recover without the intervention of a team of experts.

Why You Should Use Egnyte for Ransomware Recovery

Given the rising level of threats, you likely have a ransomware defense strategy in place—and if you don’t, get one ASAP. Egnyte complements your ransomware response plans in every phase.  

Preparation. Egnyte supports two-factor authentication to help prevent credential compromise. Within the platform, you can also delete old, unneeded files to reduce your exposure. And you can limit a user’s access so they can only view or open the files needed to do their job, which reduces the “blast radius” of a ransomware attack.

Detection. Egnyte detects artifacts of active ransomware attacks, such as ransom notes, encrypted file extensions, and other traces. In addition, the Egnyte Enterprise plan adds detection of unusual behavior that might indicate a ransomware attack in progress.

Response. No matter which plan you are on, Egnyte will send an email alerting you of the situation. Using SMS gateways, you can also get text message alerts on your mobile phone. In most cases, your administrator will be able to immediately suspend an offending user account on Egnyte with a single click. In some cases of extremely high confidence of attack, Egnyte will do it automatically for Enterprise customers.

Recovery. Most ransomware response plans stop at the response stage, but Egnyte goes further because it can also help you recover from an attack. In fact, recovery is what sets Egnyte apart from other cybersecurity solutions. A typical ransom demand may be hundreds of thousands of dollars.  Meanwhile, restoring 1 TB of data over a 200 Mb/s link can take over 11 hours. With Egnyte, you can avoid paying the ransom or losing a full work day. 

Egnyte offers three recovery solutions, each tailored to different use cases. That way, you are covered whether you are a small team suffering from an individual attack, a small business with outsourced IT capabilities, or a large company with your own IT staff.

How To Use Egnyte for Self-service Ransomware Recovery

In the case of a small-scale attack of one user and a few files, your finance specialist, designer, salesperson, or manager can recover their own files individually, without help from IT.

Select the Version You Need

To start, select the files in question, and right-click to pull up a menu of options.

After selecting Versions & History, another screen shows all the stored versions of that file that Egnyte has captured since the file was created. The user simply looks at the date and time of each version and selects the one they want to “make current.” The system immediately restores that version and the user can begin working with it right away.

Snapshots are captured every few minutes or hours (depending on activity) and are typically stored for at least two weeks. Even if the previous version of the file you want has also been encrypted, you can always go back further to find a version you can use. Note that this is not only useful for ransomware recovery, but also any time a user decides to go back to a previous version of a file for any reason.

Call Egnyte for Help

The manual process above works well for individual users with a few files to recover but becomes tedious when recovering large numbers of files. 

In that case you can call Egnyte Professional Services for assistance, and they can quickly restore entire file structures. No matter your business size or the number of folders and files to restore, Egnyte’s security team can usually restore your information in a short time.  

Restore Through Snapshots

Alternatively, if you have the Enterprise plan, your administrator can use the snapshot restoration tool to do bulk recovery of large file structures.  

The process is straightforward. You select a point-in-time snapshot of the folder structure taken before the ransomware attack and mount it into the preview screen. From the preview screen, you can then go in and verify the files and select folder structures to be restored. Finally, the folders are restored to the same locations as the folders that were corrupted by ransomware.

Here is how it works.  First, in the Settings menu, click on the Restore tab.  

Select +Preview Snapshot to begin a new snapshot.  On this screen, you can select the date you believe the ransomware attack started.


Once you select the date, Egnyte provides a list of all snapshots taken that day. The number and frequency of snapshots vary and are determined automatically by the amount of activity in your files. Select one that was taken slightly prior to when the ransomware attack started. (Don’t worry, you can always go back or forward in time if you missed it.)

After selecting a snapshot, Egnyte takes a few minutes to mount the snapshot for your review.  You will see the progress in the table, and you can have multiple snapshot jobs running at once. 

After the snapshot is mounted, you can go into the view and review the folders and files you want to restore. The view looks like the familiar Egnyte file structure but includes boxes to select multiple folders.

You can open any file to verify that the snapshot is from before the ransomware attack. Once you are satisfied that you want to restore a folder, check the corresponding box to the left of the file icon.

When ready, select Restore to begin the restoration process.

The actual snapshot restoration can take anywhere from a few minutes to over an hour, depending on the number of files. However, behind the scenes, Egnyte is simply reconstructing the connections to older file versions rather than copying files. It is always much faster than if you tried to copy files from a backup yourself.

Once the folders and files are restored, you’ll see the restored folders appearing beside the current folders in your file view.   

As a precaution, Egnyte does not delete any files. The encrypted files are still there for you to delete when you choose.

And that’s it. You now have three ways to easily restore your files, without hiring an army of support staff or waiting days or weeks to recover.  You can restore a few files manually, you can call Egnyte for help, or you can use the Egnyte Snapshot recovery tool. Egnyte’s robust set of tools complements your ransomware risk management strategy, from preparation and detection to response and recovery. 

Egnyte also makes ransomware recovery fast, easy, and comprehensive, reducing disruption to your business and reducing your risk and costs. Contact your Egnyte representative today for more information.

Author
David Buster

Senior Manager, Security and Governance; Product Marketing
