We have just had a teacher's account compromised and the students involved deleted the default backup files prior to destroying the data in the course (don’t you love those kids…..)
I have backups of both the front end and back end servers and I thought the easiest way to restore those courses without messing with other courses would be to get one of the course backup files from prior to the attack. My problem is how do I identify the files from the server backup when they are encrypted?
I just thought I would ask the question in case there is an easy way that I have missed prior to bringing the complete backup of the server online, which will be a major pain. I asked the question in the security area rather than the backup area as backups are working fine and it is more about finding the encrypted file.
I think it may be time to block teachers from the backup and restore areas…..