Skip to main content
Recover a ransomeware-affected server using Phoenix
Updated over 11 months ago

πŸ“ Note
​This article applies to

  • Windows servers, Windows servers running MS-SQL, and VMware virtual machines with Windows guest operating system, Windows servers running Phoenix CloudCache


Problem description

A ransomeware can affect the server to an extent that:

  • Entire server is not usable

  • A few server volumes are not usable

If a ransomware affects a server, the affected server requires recovery.

Resolution

Following sections describe how to use Phoenix to restore your server data.

File servers

To restore files and folders:

  1. Restore the operating system on the server and reuse the server name before it crashed.

  2. After the server is re-registered, restore files and folders using the restore to original location option from the Phoenix Management Console. See Restore a file server to the original server.

To restore data to a different server with a new operating system:


πŸ“ Note
​Ensure that you select a snapshot that was created before the ransomware affected the server.


MS-SQL servers

To restore databases:

  1. Restore the operating system on the server and reuse the server name before it crashed.

  2. Install MS-SQL server and retain the instance name.

  3. After the server is re-registered, restore databases using restore to original instance option. For more information, see Restore the databases to the original instance.

To restore the databases to a different server with a new MS-SQL server instance:


πŸ“ Note
​Ensure that you select a snapshot that was created before the ransomware affected the server.


VMware virtual machines

To restore affected virtual machines:

  1. Remove the affected virtual machine from the standalone ESXi host or vCenter server.

  2. Restore the virtual machine using the restore to alternate location option, and select the ESXi host or vCenter server where you want to restore the virtual machine. For more information, see Restore virtual machine to alternate location.

The Phoenix backup proxy that is already deployed on your standalone ESXi host or vCenter server can restore the virtual machine.


πŸ“ Note
​Ensure that you select a snapshot that was created before the ransomware affected the virtual machine.


Did this answer your question?