July 11, 2023

Ransomware Rollback Now Included With Datto Endpoint Detection and Response

By Chris McKie

When ransomware strikes, files become encrypted. That’s the hallmark of most ransomware attacks. Even if you pay the ransom, there’s no guarantee that you’ll get the keys to unlock your encrypted files. Bottom line: when ransomware hits, you are likely to lose important data.

This ends with Ransomware Rollback. Ransomware Rollback is a new, innovative feature included with Datto Endpoint Detection and Response (EDR) that gives you peace of mind knowing that when a ransomware attack hits, you’ll be able to get your files back, intact as they were before the incident.

Datto EDR includes Ransomware Detection, a unique and powerful antimalware technology that identifies known and unknown types of ransomware and kills the encryption process once an attack begins. As fast as Ransomware Detection is, the attacker’s encryption process always strikes first, meaning some files become encrypted before Ransomware Detection can kill the process and isolate the endpoint.

To address this, Datto created Ransomware Rollback, a lightweight application that tracks changes on endpoint disk space, providing rollback functionality for files and databases impacted by ransomware attacks. It consists of software that runs silently in the background, as well as a desktop application used for monitoring and managing the rollback process.

The solution works by intercepting file system calls made by applications and tracking the changes they make. For example, if a file is renamed, deleted, or updated, the system records these changes and stores them in a designated tracking directory on the user’s disk.

For database applications like SQL Server or QuickBooks, Ransomware Rollback saves the data being written on an operation-by-operation basis, allowing the entire update to be rolled back if it is compromised by ransomware.

Unlike other EDR applications that offer similar rollback capabilities, Datto EDR with Ransomware Rollback does not rely on Windows shadow copy, which is often targeted by ransomware attacks. This ensures that your files and data are safe from even the most advanced cyberattack.

Figure: Ransomware Rollback management console

What’s more, Ransomware Rollback solves the problem of “wiper” attacks. Data wipers are one of the fastest-growing categories of malware. The objective of a wiper attack is to delete and destroy files and data.

Ransomware Rollback even restores deleted files, such as those hit by a wiper attack or files deleted by accident. Through the creation of hard links in a tracking directory, Ransomware Rollback ensures that users can restore deleted files, no matter the circumstance.
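The hard-link mechanism described above can be shown in a few lines. This is an added example, not Datto's code; the tracking directory, file names and contents are constructed. It also shows the limit of the technique: a hard link keeps data alive after a delete, but an in-place overwrite changes the data behind every name, so updates need the content saved before the write.

```python
import os
import tempfile

def track(path, tracking_dir):
    """Add a second name (hard link) for the file inside the tracking directory."""
    link = os.path.join(tracking_dir, os.path.basename(path))
    os.link(path, link)  # same underlying file record, no data is copied
    return link

def restore(link, original_path):
    """Recreate the original name from the tracked hard link."""
    if os.path.exists(original_path):
        os.remove(original_path)
    os.link(link, original_path)

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as root:
        tracking = os.path.join(root, "tracking")  # hypothetical tracking directory
        os.mkdir(tracking)

        # Case 1: deletion (wiper or accident). The data survives under the link.
        doc = os.path.join(root, "report.txt")
        with open(doc, "wb") as f:
            f.write(b"quarterly numbers")
        link = track(doc, tracking)
        results["link_count"] = os.stat(doc).st_nlink  # two names, one file
        os.remove(doc)                                 # only removes one name
        results["gone"] = not os.path.exists(doc)
        restore(link, doc)
        with open(doc, "rb") as f:
            results["after_delete"] = f.read()

        # Case 2: in-place overwrite. Both names see the new bytes,
        # so the hard link alone does not preserve the old content.
        db = os.path.join(root, "ledger.db")
        with open(db, "wb") as f:
            f.write(b"balance=100")
        link2 = track(db, tracking)
        with open(db, "r+b") as f:
            f.write(b"ENCRYPTED!!")  # constructed stand-in for encrypted bytes
        with open(link2, "rb") as f:
            results["link_after_overwrite"] = f.read()
    return results

if __name__ == "__main__":
    print(demo())
```

Hard links only work within a single volume, so a tracking directory of this kind has to live on the same disk as the files it protects.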

Ransomware Rollback is an integral component of Ransomware Detection, which is included with Datto EDR. With one click, you can quickly revert encrypted data and files back to their previous state, which makes the recovery process easy, efficient and effortless.
