Duplicati won't restore data from cloud. Ransom attack It's URGENT

If those together mean you’re downloading, that can get you as far as decrypting without Duplicati to make sure you can decrypt. Download AES Crypt and sample several files to make sure they seem decryptable. The reason this is useful to know is that there have been occasional reports where somehow files are not.

After a complete download, you could perform a complete decrypt (just use Control-A to multiselect, then decrypt with AES Crypt). You’ll then have converted the backup to something that’s nearby, not encrypted, and ready for Duplicati to restore as a local file backup. You can do that with direct restore, and it will take some time to build a partial temporary database. May be awhile if your backup was large, and that may be an issue if you’re under a ransomware deadline – thus the reason I have you try download/decrypt sooner.

Disaster Recovery gives general suggestions, and the download+decrypt is basically like what you’d get if using Duplicati.CommandLine.RecoveryTool.exe step 1 below to download and decrypt the OneDrive files.

C:\Program Files\Duplicati 2>Duplicati.CommandLine.RecoveryTool.exe help
Duplicati Recovery Tool
=======================

This tool performs a recovery of as much data as possible in small steps that must be performed in order.
We recommend that you use Duplicati.CommandLine.exe to do the restore, and rely only on this tool if all else fails.


The steps to perform are:
-------------------------

1: Download
  Download files from the remote store and keep them unencrypted on a location available in the local filesystem.

2: Index
  Builds an index file to figure out what data is contained inside the files downloaded

3: Restore
  Restores the files to a destination you choose

Steps 2 and 3 can be done either above or using direct restore, and I’m not sure which is the faster way…

EDIT: You “should” just be able to do the whole affair with the direct restore after installing Duplicati, but IF you’re already partway through a download, and if time pressure exists, the do-it-yourself way might give you some earlier confidence that you’ll be able to get your data back. If you have any saved configuration exports, that would help you get your backup going again, but I assume the priority now is to see if you’re likely to be able to get your latest pre-ransomware files back (thereby avoiding having to pay the ransom).

I don’t know if you’re feeling network-connection or transfer-rate-limited, but if so you might be able to find someone with a faster connection, and some downloaders can do parallel transfers to keep the net busy. Duplicati doesn’t do parallel OneDrive transfers, but Cyberduck appears to be able to do so. Connections

EDIT 2: There are a couple of even more obscure recovery tools that don’t need any Duplicati code at all, meaning they rely on you to do the download and decrypt. That’s key, so I hope your decryption looks OK.

Independent restore program and WIP Rust/Native Code disaster recovery tool

1 Like