Jump to content

VMDK File recovery

Hello.

I would appreciate it if anyone can help

I have a virtual machine on a vmware player 12 my data got hit by a ransomware ryuk and the vmdk file was encrypted .ryk extension added and all data for the virtual machine profile was deleted.

 

I was wondering if anyone has any idea about recovering the vmdk file.

I read something about recreating the virtual  machine disk discriptor file using esxi host.

If anyone can help me if this can or might work or worth trying

Note that I have a copy of vmdk file same machine and  a copy of the virtual machine configuration if this might help (backed up years ago).

 

Appreciate your help

 

Thank you

Link to comment
Share on other sites

Link to post
Share on other sites

If it was encrypted by a ransomware, it's gone. You can import the older copy you have though - just copy it over and double click on it.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

8 minutes ago, Sauron said:

If it was encrypted by a ransomware, it's gone. You can import the older copy you have though - just copy it over and double click on it.

What about the discriptor file thing dont you think it might make sense some how ?

Link to comment
Share on other sites

Link to post
Share on other sites

28 minutes ago, Mohammad Nehme said:

What about the discriptor file thing dont you think it might make sense some how ?

The vm settings file just tells you the hardware configuration, it doesn't contain any of the VM's data.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×