Recover from Advanced Malware Attacks Using The Snapshot Feature

Overview

The Snapshot feature allows administrators to easily copy a Team Share or a user’s personal data as it existed at a specific point in time, including content that was previously deleted, recreated, or changed. This feature even recovers the revision history of restored content, starting from the selected date.

The Snapshot Feature and Ransomware

Ransomware is a type of malware that denies access to infected content, and demands that the user pay a ransom to remove the restriction.  In many instances, you can use Anchor’s Restore Deleted and Revision Rollback feature to restore affected files to their previous, healthy revisions.

Advanced ransomware attacks—such as Locky—might delete, recreate, then change files names, thereby affecting a file’s revision history, and preventing you from restoring to a previous revision. The Snapshot feature helps you recover from these advanced attacks, allowing you to restore data as it existed before infection.

The Snapshot feature is one of many AXIS Cloud Sync features that help protect and restore data. For more information on AXIS Cloud Sync’s  data restore options, please reference the following Knowledgebase articles:

  • The Restore Revisions feature allows you to restore one file to a previous revision
  • The Revision Rollback feature helps you recover from many variants of ransomware; the feature utilizes a file’s revision history to restore all currently-existing content to a healthy revision
  • The Restore Deleted feature allows you to restore a file that has been previously marked as deleted

Other Use Cases

In addition to ransomware recovery, you can also use the Snapshot feature for data management or archive purposes. For example, if an employee resigns from an organization, you might decide to clone his personal root folder as a Team Share and retain this content as a record or archive.

A Technical Note About Purged Files and Folders

Please note that purged files and folders cannot be recovered using this feature. Purged files and folders are defined as:

  • Files and folders that have been deleted and then purged
  • Files and folders that have been deleted, purged, and then manually recreated
  • Files and folders that have been moved from a folder location that is later deleted and purged; in these instances, the revisions captured in the original folder location will not be recovered

Purge settings can be managed as an organization policy.

How to Restore a Team Share

When using the Snapshot feature to recover Team Share data, the system will copy the data into a new Team Share. Administrators can then subscribe appropriate users to this new Team Share.

  1. In the administrative web portal, click the Shares tab. The Shares page displays, listing all existing Team Shares.
  2. Find the affected Team Share and click its Snapshot button.

    The Snapshot dialog box displays.

  3.  In the Snapshot dialog box, enter the following information:
    1. In the New Team Share Name field, enter the name of the new Team Share.
    2. Select the Only Include Data Up To The Following Point In Time checkbox if you need to capture files from a specific point in time. Then, select a date prior to when the Team Share was affected.
    3. Click the OK button when you are finished. Or click, the Cancel button if you do not wish to proceed. Please note that this procedure might take several minutes.A Confirm Snapshot dialog box displays, asking you to confirm or cancel the request.
    4. In the Confirm Snapshot dialog box, click the Yes button to confirm. Administrators will then have the ability to add appropriate subscribers to this new Team Share.
  4. Optionally, review the status indicator in the Team Share page, or review the Activity Log to confirm the completion of this process.

How to Restore a User’s Personal Data

When using the Snapshot feature to recover a user’s personal data, the system will copy the user’s personal root folder into a new Team Share. Administrators can then subscribe appropriate users to this new Team Share.

  1. In the administrative web portal, click the Accounts tab. The Accounts page displays, listing all existing user accounts.
  2. Find the affected user account and click its Snapshot button.
    The Snapshot dialog box displays.
  3.  In the Snapshot dialog box, enter the following information:
    1. In the New Team Share Name field, enter the name of the new Team Share.
    2. Select the Only Include Data Up To The Following Point In Time checkbox if you need to capture files from a specific point in time. Then, select a date prior to when the data was affected.
    3. Click the OK button when you are finished. Or click, the Cancel button if you do not wish to proceed. Please note that this procedure might take several minutes.A Confirm Snapshot dialog box displays, asking you to confirm or cancel the request.
    4. In the Confirm Snapshot dialog box, click the Yes button to confirm. Administrators will then have the ability to add appropriate subscribers to this new Team Share.
  4. Optionally, review the status indicator in the Team Share page, or review the Activity Log to confirm the completion of this process.