hack restoration randsomware on VM

Health Insights Asia 0 Reputation points
2025-06-08T05:08:43.7233333+00:00

Hello, we need urgent attention to help restore VMs that were attacked by randsomware yesterday

Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Andrew Li 155 Reputation points Microsoft External Staff
    2025-06-11T08:29:44.8566667+00:00

    Hi sir

    Thank you for contacting the Microsoft communication community

    I'm very sorry to hear the news of the ransomware attack. Regarding this incident, you need to isolate the affected systems

    The connection between the infected virtual machine and the network should be immediately disconnected to prevent the spread of ransomware.

    (2) If using a virtual machine manager (for example, VMware, Hyper-V), please shut down the damaged virtual machine or disconnect its virtual network card.

    If you need to restore the VM

    (1) Verify the backup: Ensure that the backup is recent and complete (inaccessible by ransomware). If the backup is clean, please restore the virtual machine from the backup after ensuring the security of the environment.

    (2) If the backup is unavailable, you need to try to rebuild the VM using an uncontaminated VHDX

    • Open the Hyper-V manager
    • Click on "Operation > New > Virtual Machine" in the right menu bar.
    • Configure the basic information of the virtual machine
    • Allocate memory
    • Set the memory size according to the system requirements within VHDX, and check the option to use dynamic memory for this virtual machine (optional).
    • Configure the network
    • Select a virtual switch (if it has not been created, a new virtual network needs to be created in Hyper-V in advance).
    • Connect the VHDX file
    • Select to use the existing virtual hard disk and browse to your VHDX file (such as D:\VM\MyDisk.vhdx).
    • Complete and start

    Best Regards

    Andrew

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.