hack restoration randsomware on VM

Question

Hello, we need urgent attention to help restore VMs that were attacked by randsomware yesterday

Answer 1

Hi sir

Thank you for contacting the Microsoft communication community

I'm very sorry to hear the news of the ransomware attack. Regarding this incident, you need to isolate the affected systems

The connection between the infected virtual machine and the network should be immediately disconnected to prevent the spread of ransomware.

(2) If using a virtual machine manager (for example, VMware, Hyper-V), please shut down the damaged virtual machine or disconnect its virtual network card.

If you need to restore the VM

(1) Verify the backup: Ensure that the backup is recent and complete (inaccessible by ransomware). If the backup is clean, please restore the virtual machine from the backup after ensuring the security of the environment.

(2) If the backup is unavailable, you need to try to rebuild the VM using an uncontaminated VHDX

• Open the Hyper-V manager
• Click on "Operation > New > Virtual Machine" in the right menu bar.
• Configure the basic information of the virtual machine
• Allocate memory
• Set the memory size according to the system requirements within VHDX, and check the option to use dynamic memory for this virtual machine (optional).
• Configure the network
• Select a virtual switch (if it has not been created, a new virtual network needs to be created in Hyper-V in advance).
• Connect the VHDX file
• Select to use the existing virtual hard disk and browse to your VHDX file (such as D:\VM\MyDisk.vhdx).
• Complete and start

Best Regards

Andrew