When cyberattacks occur in large organizations, it is crucial to remember where duplicate files are stored, as this information is also subject to infection by a malware virus or more importantly in this case, by ransomware. Best practice involves first tracking where the information is located and then starting the data clean up, both for Wannacry and other future incidents:

- Files that are not encrypted were not affected by the malware because the malware did not have time to affect them. There are ways to partially recover files affected by Wannacry, which will be shown throughout the course of this article.

- It is important to always have backups and security copies that are available offline.

- Information surrounding the shared units and the cloud units.

- Information from Office365 email and the data units.

- Information from removable devices, i.e. Pen drives.

-Temporary Office files (Word, Excel, PowerPoint). If the infection was present when a document was open, a temporary file will also have been generated. These files will not be on the radar of Wannacry, meaning these files will not become encrypted. Once the files have been cleaned up, Office files can be recovered to the point they were at when Wannacry started. Once the system has been cleaned up, the temporary files generated at the time of infection can be restored.

Wannacry File Restorer

You may also be interested in

  • cloud-professional-services-migration

    Cloud Professional Services: Migration

  • alias robotic

    Telefónica Tech and Alias Robotics created the CS4R laboratory

  • navantia

    Navantia y Telefónica Tech: the Future of Cyber Defence