Overview
While the CrashPlan app cannot prevent a virus, malware, or ransomware infection on your device, it provides a critical safety net against data loss. Because CrashPlan automatically saves historical versions of your files, you can use the app to roll back your file history and download uninfected versions of your data from a specific date and time before the incident occurred.
Before you begin
To ensure a safe and successful data recovery, please ensure the following two prerequisites are completed before using the CrashPlan app:
Verify the device is secure: If you are restoring to the same computer, ensure the malware or virus has been completely removed and quarantined by your antivirus software. If you are recovering from ransomware, it is highly recommended to use a completely reformatted or brand-new device instead.
Identify the infection timestamp: Determine the approximate date and time when the infection first occurred. When you perform the restore, you will need to select a timestamp prior to this moment to ensure you do not accidentally download compromised files.
Option 1: Restoring to your current device
Use this option if you are recovering from a standard virus or malware strain on your existing, now-cleaned computer.
Open and sign in to the CrashPlan app.
Click Restore Files to access the restore menu.
In the restore menu, click the As Of Today button.
Use the calendar dialog to select a date and time before the infection occurred.
Check the boxes next to the files or folders you want to recover, then click Restore Files.
-
Configure the restore settings in the options menu:
Save selected files to: Select Original Location.
If file already exists: Select Overwrite (this replaces the corrupted or infected files with your clean historical copies).
Permissions: Leave as Current.
Click Go to begin your download.
For a more in-depth look at restoring files, see Restoring files in the CrashPlan app.
Option 2: Restoring to a new or reformatted device
Use this option if you are replacing an infected machine or have completely reformatted your hard drive.
Open and sign in to the CrashPlan app on your new or reformatted machine.
When prompted by the app, select Replace Existing (do not select "Add New Device").
Click Start, select the infected device you are replacing, and click Continue.
Click Select Files to open the file browser.
Click the As Of Today link at the top, and select a date and time before the infection occurred.
Select the files you need to recover, then click Restore Files.
-
Configure the restore settings in the options menu:
Save selected files to: Select Original Location.
Permissions: Leave as Current.
Click Go. Once the transfer completes, follow the on-screen prompts to sign in and finalize your device replacement.
For a more in-depth guide to the device replacement steps, see Replacing your device.
Recommended next steps
Once your file transfer completes, your data recovery is finished. However, to ensure your environment remains safe moving forward, you may want to consider these security best practices:
Run a fresh security scan: Perform a manual scan with your antivirus software across the newly restored folders to confirm no malicious files were inadvertently brought over.
Purge malicious extensions (Admins only): If you are an administrator and know the specific file extension used by a ransomware attack, you can apply a file type exclusion to remove those files from your backups and prevent them from from being backed up in the future.