-5

I got hit by the latest version of Crysis ransomware on 14/09. I was lucky enough to pull the cable on the infected PC before it could spread to all servers on my network.

However, it did spread to a file server (Server 2008 R2). The server has been taken offline, and the malware managed to delete the shadow copies.

Is there a way to recover deleted shadow copies? I need to restore from 13/09.

Thanks.

1 Answer

1

The Volume Shadow Copy Service is not a backup system but a technology that allows taking backups of files and volumes even when they are in use. While it may also be handy for restoring individual files directly, you should always have some automated backup that utilizes the VSS.

On your Windows 2008 R2, the backup system might have been Microsoft's own Windows Server Backup tools or some third-party tool. Hopefully you have some full backup, because that might be the only way. That may also be the only way you can guarantee you have removed the infection.

Esa Jokinen