Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
3
Replies

Recovering FMC after a Ransomware Attack

DmitriyG
Level 1
Level 1

‎06-15-2023 06:04 AM

After the Ransomware attack, our FMC VM was encrypted. The backup was unfortunately corrupted as well.
What are the methods to restore FMC from a working Firepower or something like that? Or should we do a clean installation of FMC?

0 Helpful
3 Replies 3

Kasun Bandara
VIP
VIP

‎06-15-2023 06:15 AM

@DmitriyG hi, i suggest clean installation if you have configuration backup with you. because there may or may not be compatible descriptors. because there will be no no issue in traffic without FMC. so go with clean install. and make sure to harden device settings to avoid another attack.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-15-2023 11:32 AM

Unfortunately you cannot restore a running config on an FTD to a new FMC.

The best you can do is output "show running-config" to a text file and rebuild that config in the newly built FMC manually.

0 Helpful

Marius Gunnerud
VIP
VIP

‎06-16-2023 02:30 AM

I would suggest a clean install, and unless you have already exported the ACP, NAT, Flex config policies you will need to recreate these from scratch as well as the security zones and security groups.  The only thing that is imported when you "re-onboard" the FTD are the interface configurations, everything else needs to be re-added  

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card