Mytee_IT
Contributor

ESXi 7 hail mary after ransomware attack on a VM: is recovery without a snapshot possible?

Sadly and ignorantly, I am new to ESXi / vSphere:

I set up my own host server with just the one VM running on ESXi 7: a Windows Server 2016 VM that I migrated from another host (it is an ESXi 6.7 VM, I think) in early Oct 21.

I had never manually taken a snapshot and was in the process of setting up backups, which were not in place yet.

It was hit successfully with Hydra ransomware over the past weekend, most likely via brute force on RDP. (I am located within the US.)

I don't need the lectures; lesson learned the hard way. 😭 But I am looking for a hail mary to see if there's any kind of method / tool / or whatever. (I am already searching for files within the VM with memory recovery.)

Is there any kind of recovery possible to revert this VM or recover data back to any time between 10-01-21 (when I set it up) and 1-31-21 (when it hit) without a taken snapshot?

I wasn't sure if there was any kind of (the Windows equivalent of a) "shadow copy" taken at any point that I could be assisted with restoring. I am fairly new to ESXi and VMware.

I did immediately take my first snapshot of the VM AFTER this attack in order to preserve memory from a recovery standpoint.

Additional info:
In mid-December (with the log4j drama), I thought it was a good time to update to ESXi 7.02 with the command-line updater. VMware Tools was installed in early October when I originally migrated it with the OVF tool.

Any assistance with other recovery links, ideas, or just a clear "yes, it's possible" or "no, it's not" would be appreciated!

I would be willing to buy the per-incident support IF the community could confirm there was a way to recover without a snapshot... BUT I'm not willing to pay for incident support for them to say "nope, there's nothing."

Thank you!!

3 Replies
scott28tt
VMware Employee

Pretty sure it’s a “no”.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity).
VMware Training & Certification blog
continuum
Immortal

I specialize in VMFS-related recovery and all I can say here is: "Sorry - I can't offer any procedure that has a positive prognosis."

Ulli


________________________________________________
Do you need support with a VMFS recovery problem? - send a message via Skype "sanbarrow"
I do not support Workstation 16 at this time ...

Modibo1
Contributor

I am looking for help to restore my VMware vSphere Hypervisor 7 after a SEXi ransomware attack.
