What is the Advanced Ransomware Recovery feature?
Ransomware typically infects user endpoints, such as laptops or desktops, and encrypts files stored on those devices. When cloud synchronization services such as Google Drive, Shared Drives, OneDrive, or SharePoint are in use, the encrypted versions of those files may be synchronized to the cloud, replacing the original versions.
SysCloud scans your backups to identify files that may have been encrypted by ransomware (referred to as "encrypted files" throughout this article) and provides recovery and remediation options to help administrators respond to potential ransomware incidents.
Files identified as potentially encrypted are flagged and displayed in the Ransomware Protection section of the SysCloud dashboard, where administrators can review and take appropriate actions.
Actions available for identified encrypted files:
1. Transfer ownership:
- Transfer Ownership - Transfer ownership of the files to an admin for further review. Refer to this LINK for steps.
- Restore Ownership - Restore the file ownership to the original owner if one or more ownership transfers were performed on the selected file(s). Refer to this LINK for steps.
- Quarantine File(s) - Remove all file sharing and transfer the ownership to the SysCloud account owner. Refer to this LINK for steps.
- Remove all sharing: This will revoke all sharing permissions for the file, allowing only the file owner to retain access. Refer to this LINK for steps.
- Remove link sharing: This action will revoke all access to the file granted via link sharing, leaving only direct access intact. Refer to this LINK for steps.
- Remove external domain sharing: This action will revoke all access granted to users from external domains, whether through direct sharing or link sharing. Refer to this LINK for steps.
3. Restore from safe snapshot: Restore the safe version of the files identified by SysCloud's algorithm or recover files that may have been removed by ransomware or the user. Refer to this LINK for steps.
4. Delete: Delete the affected files from the SysCloud Archives or directly from the cloud environment. Refer to this LINK for steps.
5. Dismiss: If you determine that the detected files do not pose a threat, dismiss the alert. Refer to this LINK for steps.