Restore Hyper-V VM from HRL file

We have been hit by ransomware and some of our Hyper-V images have been encrypted (primary & replica server). For the one that didn't get hit, the client OS (Windows Server) was still running, but almost all the files inside it got encrypted too.

We had set up replication before this attack took place, and I see some HRL files lying around in the same folder as the VM disk image. As I understand it, this file contains the replica log that Hyper-V uses to update the replica server.

Since this HRL file contains tracking changes, can we undo those changes from this HRL file? If so, how can we do it?

I haven't been able to find a way to undo from the HRL file. Most Google searches only show how to delete these files.

The host was using Windows Server 2012 R2 on both the primary and replica servers.

So our situation is as follows:

  1. The VM that had been running didn't get encrypted, but the files inside it were encrypted.
  2. That VM has replication to the replica server, but the VM on the replica server got encrypted too.

joeqwerty:
`1.` I don't believe it's possible to recover the VM from the HRL file. `2.` Open a support case with Microsoft to see what assistance they can provide. `3.` Restore your virtual machines from the latest known good backups prior to this event.