Some viruses that infect computer networks prevent user access to files and even entire systems. These viruses are often referred to as ransomware or cryptolocker viruses. When a system is infected with this malicious code, the virus encrypts the files and folders on the system and then demands a ransom to decrypt the data. The virus also attempts to spread from system to system and to encrypt any network shares it can access.
Once the data on systems has been encrypted, the only options for restoring the data are:
The worst-case scenario occurs when both production systems and backups are encrypted.
To minimize the possibility of the Rapid Recovery Core server and the Repository being encrypted, we highly recommend implementing the following security controls:
In some cases, ransomware may be able to infect a Core server but not encrypt all of the repository files, because they are locked and in use by the Core service. In that case, the Core server OS may be damaged and the repository XML files encrypted, but the actual repository data files may still be good. To expedite recovery in this situation, perform the following preventive steps each time you make changes to the Rapid Recovery configuration: