Hi everyone,
One of my clients has a Windows Server 2012 R2 running inside a Windows 10 Pro Machine with VirtualBox. Yesterday in the morning I did discover that it was attacked by a ransomware and the files were encrypted. As you know, paying the rensom is not an option since the pirates normally take the money and never send you the tool or codes to recover your files.
They don't have a backup service nor a snapshot of the virtual machine. Do you guys know any way that I can take the machine to an earlier time (restore)? I already did windows restore on the host but that didn't help. Thanks in advance for any help that you can provide.
VirtualBox Attacked By Ransomware
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: VirtualBox Attacked By Ransomware
I'm afraid they're screwed.mateito10 wrote:They don't have a backup service nor a snapshot of the virtual machine.
Like all other computer manufacturers, Virtualbox only provides the 'hardware'. It does not provide backup services. If they had a Virtualbox snapshot made in the VM, they could restore the VM to the state it was in when the snapshot was taken. If they had a backup copy of the VM folder, or even the VM's disk files, they could bring those files back online. If they have neither, then it is 'nuke it from orbit' time.
Re: VirtualBox Attacked By Ransomware
I was thinking, since the VM is a huge file, is there a way to find or recover previous versions of it?
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: VirtualBox Attacked By Ransomware
Only if they were made manually by a user there. Virtualbox does not automatically make them.
You mention that they don't have any snapshots. But 'snapshot' means different things to different situations. Let's see 7f the VM has one:
Right-click the VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. Zip the VM's .vbox file (not the .vbox-prev file), and post the zip file, using the forum's Upload Attachment tab. (Configure your host OS to show all extensions if the folder that opens does not show a .vbox file.)
You mention that they don't have any snapshots. But 'snapshot' means different things to different situations. Let's see 7f the VM has one:
Right-click the VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. Zip the VM's .vbox file (not the .vbox-prev file), and post the zip file, using the forum's Upload Attachment tab. (Configure your host OS to show all extensions if the folder that opens does not show a .vbox file.)
Re: VirtualBox Attacked By Ransomware
Here you have it
- Attachments
-
- WindowsServer2012R2.zip
- (1.98 KiB) Downloaded 7 times
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: VirtualBox Attacked By Ransomware
Nope, no snapshots.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: VirtualBox Attacked By Ransomware
And they deserve it. Presumably important data that they never bothered to back up? I call it evolution in action!scottgus1 wrote:I'm afraid they're screwed.mateito10 wrote:They don't have a backup service nor a snapshot of the virtual machine.