Let's think about a situation where we cannot access our backups, either because they are absent or, perhaps even worse, corrupts, out of date or encrypted. Exactly, we're trying to resolve a ransomware situation with no backup. What to do in these cases?
I could say don't panic, but I'd be lying.
The situation is critical, but with some precautions in my experience you can heavily limit the damage and, in rare cases, even resolve the situation.
First of all we need to look at what can be recover. Shadow copies are essentials. It may happen that by a stroke of luck not all of them have been touched or, in other cases, a good part of them is still accessible. Here, the first thing to do is to save the savable by exporting it to a different disk than the starting one, because if you export into the original disk, you risk losing the present shadow. To do so, at first you must use the Microsoft explorer integrated tools, but if for an unfortunate reason it doesn’t works, there’s a tool called "ShadowExplorer 0.9" that comes in help to the rescue directly from shadows.
(https://www.shadowexplorer.com)
Another thing to consider is the possibility that the ransomware that hit you has already been resolved and the decryptor has been calculated and publicly released. How? There are various online, I publish two of the most popular. With these you can try to restore your files, but beware: your structure is to be considered compromised and Zero Trust thinking must be adopted. The structure must be redone from zero and patched, so as not to end up with the same vulnerability that led you to the current situation.
(https://noransom.kaspersky.com/)
(https://www.nomoreransom.org/)
Another feasible solution can be to go and search among the deleted files of your backup storages, looking for a .vbk file whose blocks have been deleted but still accessible through disk recovery programs. As you know when a file is deleted, the sectors of that file are marked as deleted, but not really deleted from the disk until they are overwritten. If you have a very large backup storage available, there may be the possibility that is your trump and save the situation.
(https://www.ccleaner.com/recuva)
These are only three possible ways to deal with a disaster recovery situation without backup and what I am about to say is obvious: backups are essential and must always be accessible and functional. You're on Veeam community, aren't you?
