We have had a ransomware attack, now what?
Applies to
ONTAP 9
Answer
- Work with your Security Team to identify and remediate the source of the ransomware attack.
- Restore any impacted volumes from a snapshot prior to the event.
Additional Information
- If unable to restore snapshot from System Manager, try using the CLI instead.
- See also NetApp KB: Snapshot restore fails with error message: Failed to promote Snapshot copy snapshot-name