Before running through these steps, clear the virus alert from your quarantine via Sophos Endpoint Security and Control. To clear the shadow volume copy:
Once the system has rebooted, run a full system scan to check for the infection. When the system has been confirmed clean, the disabled shadow copy can be re-enabled.
Occasionally the detection exists but the Windows shadow copies are not enabled. In that case, check for any non-Microsoft backup utilities, for example 'Backup Exec'. If you use third-party backup software, contact the software vendor for instructions on purging the restore.
If no third-party application is used, you can try enabling the backups to create a restore point and then proceed with the above steps to purge the shadow copy.