Box Ransomware Restorer

Will Pizzano
Sentant
Feb 28, 2022

Open-Sourcing a utility to help Box customers recover from ransomware

Recently, a Sentant client was affected by the DeadBolt ransomware on their legacy on-premises QNAP file server. The files had been set up to sync with the client’s new setup on Box, but once files were encrypted on the QNAP, they were also encrypted at Box.

Box does not offer a user interface or premade utility to revert large numbers of files after ransomware, but it provides some guidance on using its API to do so yourself. Vaibhav Bhandari, Principal Security Architect at Sentant, has written a utility that uses the Box API to revert files to their previous, unencrypted and ransom-free version.

Using the Sentant tools, you can quickly revert files encrypted at Box to their previous versions.
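To illustrate the version-revert approach described above, here is an added example (not code from the Sentant tools) that plans which earlier version of each file to promote. It assumes Box's public "list file versions" and "promote file version" endpoints; the incident time, file IDs and version entries are constructed, and authentication and the HTTP calls themselves are left out.

```python
from datetime import datetime, timezone

API = "https://api.box.com/2.0"

def parse_ts(ts):
    # Box timestamps carry a UTC offset, so compare instants, not strings.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)

def pick_restore_version(previous_versions, encrypted_after):
    """Newest untrashed version uploaded before the incident, or None."""
    cutoff = parse_ts(encrypted_after)
    clean = [v for v in previous_versions
             if v.get("trashed_at") is None and parse_ts(v["created_at"]) < cutoff]
    return max(clean, key=lambda v: parse_ts(v["created_at"]), default=None)

def promote_request(file_id, version):
    """Describe the call that makes `version` the current version again."""
    return ("POST", f"{API}/files/{file_id}/versions/current",
            {"type": "file_version", "id": version["id"]})

def plan_restore(files, encrypted_after):
    """files maps file_id -> entries from GET /files/{id}/versions.
    Returns (requests to send, file ids with no clean version)."""
    requests, unrecoverable = [], []
    for file_id, versions in files.items():
        version = pick_restore_version(versions, encrypted_after)
        if version is None:
            unrecoverable.append(file_id)  # only ever existed in encrypted form
        else:
            requests.append(promote_request(file_id, version))
    return requests, unrecoverable

# Constructed sample data: assumed incident start and two files' version lists.
CUTOFF = "2022-01-25T00:00:00Z"
SAMPLE = {
    "1001": [
        {"id": "v1", "created_at": "2021-11-02T10:00:00-08:00", "trashed_at": None},
        {"id": "v2", "created_at": "2022-01-20T09:15:00-08:00", "trashed_at": None},
        # Local date reads as the 24th, but this is 02:30 UTC on the 25th.
        {"id": "v3", "created_at": "2022-01-24T18:30:00-08:00", "trashed_at": None},
        {"id": "v4", "created_at": "2022-01-22T12:00:00+00:00",
         "trashed_at": "2022-01-23T08:00:00+00:00"},
    ],
    "1002": [{"id": "v9", "created_at": "2022-01-25T04:00:00+00:00", "trashed_at": None}],
}

if __name__ == "__main__":
    todo, lost = plan_restore(SAMPLE, CUTOFF)
    print(todo, lost)
```

Files reported as unrecoverable have no version from before the cutoff and must come from a separate backup.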

Download Box Ransomware Tools

The toolset is available here: https://github.com/vaibhavb/box-ransomware-tools

Sentant is providing these tools to the community to help anyone affected by DeadBolt or similar ransomware in their Box environment recover without needing internal software development resources.

The tools are provided under an Apache 2.0 open source license.

Best Practices

In addition, Sentant recommends these best practices to avoid ransomware for all users of on-premises storage:

  • Point-in-time backups to rotating storage disconnected from the internet
  • Synchronization to a cloud service that retains version history (Box, Dropbox, Google)
  • Prompt security patching and updating of devices

#DeadBolt #DontPayTheRansom
