When dealing with ransomware, there are a few things to note:
- Jungle Disk does not have access to your data, so we cannot delete it for you or run antivirus scans on it server-side.
- Your data is enclosed in containers. Even if files infected with a virus were uploaded to your data storage provider, they cannot infect other files while uploaded. A computer would have to run the virus in order for the infection to spread.
- Infected files cannot be moved from one Online Disk to another unless you have both Online Disks open/connected to the same infected computer.
- You will need to identify which machine or machines are infected. Isolate the machines from any shared resources, including removing them from the network any non-infected machines are using. You will also want to separate infected machines from each other.
In regards to Jungle Disk, here are the steps to take if you are infected by ransomware:
- Stop the Jungle Disk service running on the infected machines. This guide shows how.
- Determine if you are able to remedy the ransomware infected machines (this post has some suggestions), or if it is best to wipe the machine and reinstall everything from scratch.
Regaining access to files stored and backed up with Jungle Disk:
- You can restore the files onto a new machine if needed while the infected machine is being remedied. Alternatively, you can wait for the original machine to be fixed or wiped and restore back to the original machine instead.
- With either option, first install the Jungle Disk software on the new machine, and during the first time setup, you will see the option to "Restore a computer backup":
- Click "Next", and you can then map the Network Drives if you have any (only for the Workgroup version of the software):
- Click "Next" after mapping your Network Drives (if applicable).
NOTE: The next screen may show options for Jungle Disk Sync for the Network Drive. If the white box is empty, just click "Next". If you are unsure of how to set it up or if you were using it before, you can click "Next" as well as Sync can be setup after the restore.
- You can then finish the first-time setup wizard. Once done, you will see the window "Select Restore Source". You will leave it at the default Backup Vault option and in the dropdown menu, select the computer name of the machine you are trying to recover data from:
- The backup database will then download and verify. That process must complete before starting a restore. Once the "Restore files" window comes up, you will select a date to restore from (before the ransomware hit), the location to restore to (such as the Desktop of the new machine), and lastly, add the files and folders to restore. Be sure to complete those steps in order:
- Once done, you can start the restore on the bottom left of the window. Any Network Drives can be accessed immediately.
We always recommend doing test restores periodically to ensure you are familiar with the process and to be ready for any emergencies that may arise. For business critical data, we also recommend having more than one backup for security purposes, which is covered in this post regarding disaster recovery practices.