
VirtualBox Attacked By Ransomware

Posted: 4. Jul 2022, 00:53
by mateito10
Hi everyone,

One of my clients has a Windows Server 2012 R2 running inside a Windows 10 Pro machine with VirtualBox. Yesterday in the morning I discovered that it was attacked by ransomware and the files were encrypted. As you know, paying the ransom is not an option since the pirates normally take the money and never send you the tool or codes to recover your files.

They don't have a backup service nor a snapshot of the virtual machine. Do you guys know any way that I can take the machine to an earlier time (restore)? I already did windows restore on the host but that didn't help. Thanks in advance for any help that you can provide.

Re: VirtualBox Attacked By Ransomware

Posted: 4. Jul 2022, 03:32
by scottgus1
mateito10 wrote: They don't have a backup service nor a snapshot of the virtual machine.
I'm afraid they're screwed. :(

Like all other computer manufacturers, Virtualbox only provides the 'hardware'. It does not provide backup services. If they had a Virtualbox snapshot made in the VM, they could restore the VM to the state it was in when the snapshot was taken. If they had a backup copy of the VM folder, or even the VM's disk files, they could bring those files back online. If they have neither, then it is 'nuke it from orbit' time.

Re: VirtualBox Attacked By Ransomware

Posted: 4. Jul 2022, 03:36
by mateito10
I was thinking, since the VM is a huge file, is there a way to find or recover previous versions of it?

Re: VirtualBox Attacked By Ransomware

Posted: 4. Jul 2022, 04:15
by scottgus1
Only if they were made manually by a user there. Virtualbox does not automatically make them.

You mention that they don't have any snapshots. But 'snapshot' means different things to different situations. Let's see if the VM has one:

Right-click the VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. Zip the VM's .vbox file (not the .vbox-prev file), and post the zip file, using the forum's Upload Attachment tab. (Configure your host OS to show all extensions if the folder that opens does not show a .vbox file.)
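Added example, not part of the original thread: one way to make the check the post above asks for, by reading the VM's .vbox file (an XML document) and listing any snapshots and differencing disk images it records. The element and attribute names follow the VirtualBox settings layout as assumed here; both sample files, their UUIDs and names are constructed.

```python
import sys
import xml.etree.ElementTree as ET

NS = "{http://www.virtualbox.org/}"  # XML namespace of VirtualBox settings files

# Constructed sample: a VM with one snapshot and its differencing disk image.
SAMPLE_WITH_SNAPSHOT = """<VirtualBox xmlns="http://www.virtualbox.org/" version="1.16-windows">
  <Machine uuid="{00000000-0000-0000-0000-000000000001}" name="Server2012R2"
           currentSnapshot="{00000000-0000-0000-0000-0000000000aa}">
    <MediaRegistry><HardDisks>
      <HardDisk uuid="{00000000-0000-0000-0000-000000000010}"
                location="Server2012R2.vdi" format="VDI" type="Normal">
        <HardDisk uuid="{00000000-0000-0000-0000-000000000011}"
                  location="Snapshots/{00000000-0000-0000-0000-000000000011}.vdi" format="VDI"/>
      </HardDisk>
    </HardDisks></MediaRegistry>
    <Snapshot uuid="{00000000-0000-0000-0000-0000000000aa}" name="Before patching"
              timeStamp="2022-06-01T10:00:00Z"/>
  </Machine>
</VirtualBox>"""

# Constructed sample: the same VM with no snapshot, as in the case discussed here.
SAMPLE_NO_SNAPSHOT = """<VirtualBox xmlns="http://www.virtualbox.org/" version="1.16-windows">
  <Machine uuid="{00000000-0000-0000-0000-000000000001}" name="Server2012R2">
    <MediaRegistry><HardDisks>
      <HardDisk uuid="{00000000-0000-0000-0000-000000000010}"
                location="Server2012R2.vdi" format="VDI" type="Normal"/>
    </HardDisks></MediaRegistry>
  </Machine>
</VirtualBox>"""

def inspect_vbox(xml_text):
    """Return the snapshots and differencing disks recorded in a .vbox file."""
    machine = ET.fromstring(xml_text).find(NS + "Machine")
    if machine is None:
        raise ValueError("no <Machine> element: not a VirtualBox settings file")
    # Snapshots nest inside each other, so walk the whole tree.
    snapshots = [(s.get("name"), s.get("timeStamp")) for s in machine.iter(NS + "Snapshot")]
    # A <HardDisk> nested inside another <HardDisk> is a differencing image.
    diffs = [child.get("location") for parent in machine.iter(NS + "HardDisk")
             for child in parent.findall(NS + "HardDisk")]
    return {"vm": machine.get("name"), "current": machine.get("currentSnapshot"),
            "snapshots": snapshots, "differencing_disks": diffs}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real .vbox file
        print(inspect_vbox(open(sys.argv[1], encoding="utf-8").read()))
    else:
        for sample in (SAMPLE_WITH_SNAPSHOT, SAMPLE_NO_SNAPSHOT):
            print(inspect_vbox(sample))
```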

Re: VirtualBox Attacked By Ransomware

Posted: 4. Jul 2022, 04:41
by mateito10
Here you have it

Re: VirtualBox Attacked By Ransomware

Posted: 4. Jul 2022, 11:52
by mpack
Nope, no snapshots.

Re: VirtualBox Attacked By Ransomware

Posted: 4. Jul 2022, 11:54
by mpack
scottgus1 wrote:
mateito10 wrote: They don't have a backup service nor a snapshot of the virtual machine.
I'm afraid they're screwed. :(
And they deserve it. Presumably important data that they never bothered to back up? I call it evolution in action! :evil: