Veeam has a dedicated team for cyber attacks. I recommend to contact Support and ask for help. 

@MatzeB is spot on here, leverage the Veeam resources that are some of the most experienced in the world at dealing with ransomware.

I’m just commenting here to also add a note of caution: you’ll no doubt see websites on the internet talking about FOG decryption tools. Take a backup/copy of any files you’re about to run through a decryption tool. Decryption tools modify the file you put in, they don’t make an unencrypted copy, this means that if a decryption tool corrupts your data, you could make it unrecoverable. If you have to work with decryption tools instead of recovering from good, clean backups, slow & steady. This is one example of the advice that Veeam’s incident response will steer you right with.

​Yes contact the Veeam Swat team throw the support. Like @MicoolPaul said don’t play with your original backup files. 

Also you could ask help to your National Agency for Information Systems Security

Ugh...sorry to hear that @lincolnbiz . As others recommended...do reach out to Veeam. Hopefully they can help you get recovered/restored.

Best.

Sorry to hear that but as others have said contact the dedicated team at Veeam for this.  No one here will be able to help unfortunately.  Let us know how it goes. 

I also need help

I also need help

Like others stated contact the Veeam team that handles this. No one here can help.

Hi@lincolnbiz 

The encryption of .VBK by FOG ransomware is a serious issue and there is no universal decryption tool available at the moment your best immediate action is to contact Veeam support for assistance.

Reach out to Veeam, and any other vendors/products effected. I’ve seen amazing work from server and storage companies assisting to get people back on their feet. 

Hi @lincolnbiz,

do decrypt vbk file you have several options:

1. using same VBR server to search for new backups and then in backup section you can find “encrypted backups” where you can find your backups and with password you can decrypt them - if you do not know password in enterprise manager you are able to recover password - in configuration section of EM
2. using different VBR server - but you need to know password
3. VBK extract is tool, which is installed with VBR on server, so you can find it in main menu under veeam folder, where is link to VBR - but you need to know password - as is here up mentioned by srinivasan.

This is an old post, but the recent post that brought it back appears to be an “ad”. 

​@safiya ​@Madi.Cristil  

User’s 2nd post both asking people to contact him about data recovery. Either selling something, or potentially worse. Just a heads up. 

I saw this and was going to report it.  Good catch Scott.

I’ve been a moderator on several forums in my day .  

You have be fair, but it’s a red flag when users ask you to DM about things, or contact them on another media out of site.   It’s possible he’s just trying to sell his product, but I assume that’s not allowed either. 

On a drumming forum I used to moderate, the buy and sell was a place you had to watch for new accounts, and they always moved conversations to DM’s as quick as possible.