Restore data after an attack

Contributors

Snapshot copies named “Anti_ransomware_backup” are created when anti-ransomware detects a potential attack. You can restore data from these anti-ransomware copies or other Snapshot copies.

Note If a ransomware attack occurs, you should contact NetApp Support to see if they can assist with data recovery.
What you’ll need
  • Anti-ransomware enabled

  • Reports from potential ransomware attacks

System Manager procedure

  1. Display the Snapshot copies in volumes identified in a potential attack:
    Click Storage > Volumes, select the volume, then click the Snapshot Copies tab.

  2. Restore the desired copies according to these instructions:
    Recover from Snapshot copies

CLI procedure

  1. Display the Snapshot copies in volumes identified in a potential attack:
    volume snapshot show -vserver svm_name -volume vol_name

  2. Restore the desired copies according to these instructions:
    Restoring files from Snapshot copies