category

A cautionary tale about recovering from Wannacry using backups


If you want to recover from Wannacry ransomware by doing a backup rather than paying the ransom, a cautionary tale. Make sure your backups are perfect. Because it can be hellacious if they aren’t.

A client got hit with Cryptolocker ransomware a few years ago. Their onsite tech said we can just do backups, screw paying the ransom. So they did. Important data files got restored. They cleaned up from the attack. All seemed well.

Many months later they went to process mission-critical data going back eight years or so. They discovered all that data prior to the ransomware attack was gone. Data after the attack was there.

Somehow, in restoring from the attack, they wiped out that seriously important data. The data was not encrypted. It simply was not there.There were no backups. It was a catastrophe for them.

If you want to recover from Wannacry by restoring data, back up everything first to another hard disk. Then restore.