Camp Rubrik: Data Security Foundations

Instant file recovery


Many ransomware recovery plans are based on restoring entire VMs. A ransomware attack doesn’t encrypt every file, so customers shouldn’t need to restore every file to recover. Normal day-to-day business functions routinely change data. These changes are coordinated across multiple files, databases, or even VMs. If you restore files that weren’t affected by a ransomware attack, you may lose transactions or even get out of sync with other systems.

A far better approach is a multi-layered recovery plan that incorporates Rubrik’s instant file recovery, making it easy to recover only what you need.

Let's discuss how Zaffre can take advantage of this.

  • The IT team can navigate to Haverford_Site > haverford-webapp-01 > var > www > html > wp-content > plugins folder as explained in the previous Ransomware Investigation lab section.

  • Select all the files on the page by checking the box in the top row next to Name.

  • After selecting the files, notice that the Recover button becomes available.

  • Click on Recover and observe the various options available to recover the files.

For now, exit out of the recovery option. We will perform the recovery in a later section.

With Rubrik, multiple options for instant file recovery are available at your fingertips!

Instant File Recovery options