Skip to main content
NetApp Ransomware Resilience

Recover workloads with clean restore in NetApp Ransomware Resilience

Contributors netapp-ahibbard
PDFs

With NetApp Ransomware Resilience, you can perform a guided recovery after an encryption-based ransomware attack using a clean restore. The clean restore identifies optimized recovery paths to minimize data loss and return your workloads online in the shortest amount of time possible.

Before you begin

Required Console role
To perform this task, you need the Organization admin, Folder or project admin, or Ransomware Resilience admin role. Learn about Ransomware Resilience roles for NetApp Console.

You must have configured an isolated recovery environment before you can perform a clean restore.

Considerations

  • You can only perform a clean restore for an encryption-based ransomware attack.

  • If the isolated recovery environment doesn't have capacity for a new operation, it's queued until there is availability.

    • You can monitor the status of active and queued clean restore operations at any time in the Ransomware Resilience Recovery dashboard.

  • When you initiate a clean restore, the original volume is unmounted, which can disrupt IO access.

Perform a clean restore

  1. In the Recovery section, select the workload you want to restore. Select Restore.

  2. In the Restore Type options, select Clean restore then Next.

  3. Select the isolated recovery environment you want to use then Next.

  4. Review the isolated recovery environment, confirming it's the correct location. Select Restore.

  5. Ransomware Resilience performs the necessary set up. Once the set up completes successfully, Ransomware Resilience denotes Setup complete. To proceed to analysis, select Next.

  6. After the setup completes, select Run analysis. Ransomware Resilience analyzes all available restore points in the seven days prior to the ransomware event, displaying the date and type of restore point.

    Screenshot of the clean restore analysis step.

  7. After the analysis completes, select Next to plan your recovery. Ransomware Resilience presents two options: Least data loss and Latest unimpacted restore point. Select either option, and optionally look at individual file data for either restore point.

    To view granular file event data, select a file to analyze its encryption status; when it was created, modified, or deleted, and what restore point corresponds to what action.

    Screenshot of the clean restore plan step.

  8. After you choose your restore point, select Next to begin cleaning your files.

  9. Ransomware Resilience begins cleaning the workload.

    When the cleaning completes, select Start recovery to initiate the recovery.

  10. Choose if you want to save the original workload. To forgo saving the original workload, select No, replace the original workload. To save it, select Yes, save the original workload then enter a new name for the workload.

  11. Select Start recovery to initiate the recovery.

  12. When the recovery completes, select Next to move to the final phase.

  13. Select Release resources and end to release the resources and close the clean room. To confirm you want to release the resource, select End.