Recovering FMC after a Ransomware Attack

DmitriyG
Level 1

After the Ransomware attack, our FMC VM was encrypted. The backup was unfortunately corrupted as well.
What are the methods to restore FMC from a working Firepower or something like that? Or should we do a clean installation of FMC?

3 Replies

@DmitriyG Hi, I suggest a clean installation if you have a configuration backup with you, because there may or may not be compatible descriptors. Because there will be no issue in traffic without FMC, go with a clean install, and make sure to harden device settings to avoid another attack.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Marvin Rhoads
Hall of Fame

Unfortunately you cannot restore a running config on an FTD to a new FMC.

The best you can do is output "show running-config" to a text file and rebuild that config in the newly built FMC manually.

I would suggest a clean install, and unless you have already exported the ACP, NAT, Flex config policies, you will need to recreate these from scratch, as well as the security zones and security groups. The only thing that is imported when you "re-onboard" the FTD are the interface configurations; everything else needs to be re-added.

--
Please remember to select a correct answer and rate helpful posts
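
The manual rebuild from a saved "show running-config" described in the reply above can be tracked with a checklist. The following is an added example, not code from the thread or from Cisco: it assumes the ASA-style layout in which sub-commands are indented under a top-level line, and the category labels, the `rebuild_checklist` helper and the sample config are all constructed for illustration.

```python
from collections import defaultdict

# Assumed mapping: first keyword of a top-level line -> area to rebuild in the
# new FMC. The labels are this example's own, not FMC terminology.
CATEGORIES = {
    "interface": "interfaces (imported on re-onboarding)",
    "object": "objects",
    "object-group": "object groups",
    "access-list": "access control rules",
    "nat": "NAT rules",
}

# Constructed sample of saved "show running-config" output (not a real device).
SAMPLE = """\
: Constructed sample
interface GigabitEthernet0/0
 nameif outside
 ip address 198.51.100.2 255.255.255.0
!
object network web-srv
 host 10.0.10.20
object-group network branch-nets
 network-object 10.1.0.0 255.255.0.0
access-list EXAMPLE_ACL extended permit tcp any object web-srv eq 443
nat (inside,outside) source static web-srv web-srv
hostname ftd-edge
"""

def split_stanzas(text):
    """Group lines into stanzas: a top-level line plus its indented children."""
    stanzas = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("!", ":")):
            continue  # blank lines, '!' separators, ':' header comments
        if line[0].isspace() and stanzas:
            stanzas[-1].append(line.strip())   # child of the previous stanza
        else:
            stanzas.append([line.strip()])     # new top-level stanza
    return stanzas

def rebuild_checklist(text):
    """Bucket every stanza by category; unknown keywords go to manual review."""
    checklist = defaultdict(list)
    for stanza in split_stanzas(text):
        keyword = stanza[0].split()[0]
        checklist[CATEGORIES.get(keyword, "other / review manually")].append(stanza)
    return dict(checklist)

if __name__ == "__main__":
    for area, stanzas in rebuild_checklist(SAMPLE).items():
        print(f"{area}: {len(stanzas)} item(s)")
```

Anything that lands in "other / review manually" still has to be read by hand, and security zones are not derived by this script.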