π Note
βThis article applies to
OS: Windows
Product edition: inSync Server On-Premises
This article provides steps to verify whether your inSync Server is affected by Ransomware and to restore data for the affected devices.
Steps to check inSync Server for Ransomware
If you have access to the server on which inSync Master server or inSync Storage Node is installed, check if the following folders are accessible:
C:\ProgramData\Druva\inSyncCloud
Storage Directories: Data, Database, Database Logs
π Note
β The above paths are applicable to both inSync Master and inSync Storage Node server
Identify the location of the Storage directories from the inSync Management Console.
Log on to the inSync Management Console.
Click Manage > Storage List.
Click the Storage name.
Under the Summary tab > Data Storage Details, check the location of the Data folder.
Under the Performance & Compaction tab, check the Database folder and Database log folder.
Go to the location of the inSync Cloud Storage directories and check if the files are encrypted or have an unknown extension.
π Note
β From the directories, try to open any .cfg files or .log files and check if you see any garbage content.The following images are examples of how files appear when not impacted by ransomware.
β
inSyncCloud subfolders and files on an inSync Master server
β
β
β
inSyncServer4 subfolders and files on inSync Master server
βVerify the storage components.
β
The following images are examples of how storage components appear when not impacted by ransomware.
β
Data folder
β
β
Data files inside druva.com folder
β
β
Database files
β
β
Database log filesIf you suspect that any of the files and folders are affected by ransomware, isolate the affected server from the network immediately, and contact Druva Technical Support for further assistance.
How to restore data for a Ransomware-impacted device using Druva inSync On-Premise?
Steps to restore data directly to the device
Ensure that the device is cleaned post the Ransomware attack.
Install and activate the inSync Client.
Open the inSync Client post the activation.
Click on the Restore icon and select the device from which you want to restore the data.
Choose the snapshot from which you want to restore the data.
Right-click on the folder you want to restore, and click Restore.
Choose the appropriate device and location, and click Ok.The restore will begin.
Alternatively, you can restore data using the inSync On-Premises Management Console.
Steps to restore data using the inSync On-Premises Management Console
Log in to the inSync On-Premise Management Console.
On the console menu bar, click Availability > Restore.
β
βUse the Search box in the top right corner to find the affected user.
β
βSelect the user and click Restore at the bottom of the page.
Select the device from which you want to restore the data.
β
βChoose the appropriate snapshot from which you want to restore the data.
β
βSelect the folder from the right hand pane that you wish to restore.
β
βClick Download.
β
β
The data download will begin.
Please contact Druva Technical Support if you encounter any issues.