Datto’s Rapid Rollback: Everything You Need to Know

May 17, 2021


Dale Shulmistra

Business Continuity Specialist @ Invenio IT


Whenever data has been lost or destroyed, having access to a variety of data recovery methods is crucial for ensuring you can restore the files as quickly as possible. Every type of data loss calls for a slightly different type of recovery – and those options can vary depending on the backup solution you use. So it’s important to use the right method for the situation. In this post, we look at one method from Datto known as Rapid Rollback.

Available on the Datto SIRIS, ALTO, NAS and Cloud Continuity for PCs, Rapid Rollback enables you to quickly restore large swaths of data that have recently been modified or deleted. It’s an innovative recovery method that is especially useful during ransomware attacks, as it eliminates the need for more time-consuming and disruptive recoveries.

Here’s what you need to know about Rapid Rollback and when to use it.

What is Rapid Rollback?

Rapid Rollback is a data recovery method from Datto that allows businesses to rapidly restore files after major unwanted changes. Those changes could be caused by a variety of incidents, such as data encryption from a ransomware infection or file corruption after software updates.

Rapid Rollback is useful because it provides an alternative to recovery methods that are less efficient for these types of data-loss incidents.

Benefits

The primary benefit of Datto’s Rapid Rollback feature is that it allows you to revert the modified data on a production machine to a previously-backed-up state, without reformatting or re-partitioning the target hardware.

  • It’s far faster than performing a complete restoration of the system, such as with a bare metal restore (BMR), which completely re-images a machine.
  • It’s also faster than a simple file restore, which would require manually identifying and restoring every affected file after a ransomware attack.

There is no need to delete all of the data on a server or computer. There is also no need to initialize a full restore, or copy all of the data over the network. Rapid Rollback reverts the changed data back to its earlier state with just a few clicks.

How Rapid Rollback works

Rapid Rollback actually uses the same technology as Datto’s Backup Insights utility, which allows you to quickly analyze the changes between any two recovery points on the Datto BC/DR appliance. It can identify massive amounts of block-level changes in a matter of minutes, allowing you to restore ONLY the data that was affected by the incident.

By initiating the rollback, a production machine’s filesystem is reverted to the state it was in at the time of the selected recovery point. Datto illustrates in the chart below how the Rapid Rollback utility works to restore the data, depending on the type of changes that have been made to the files:

[Figure: Datto’s chart explaining how Rapid Rollback handles each type of file change]

Example:

In a ransomware attack, file names are typically modified as the files are encrypted. The file types are modified as well, which effectively deletes the original files and replaces them with new ones. Rapid Rollback identifies all of these changes so that you can revert to the versions that existed at the time of the recovery point: deleted files are restored, new files are deleted, and modified files are reverted back to normal.

Below, we break down the specific steps to using Rapid Rollback. But in a nutshell, it’s as simple as choosing a recovery point from before the unwanted changes occurred. The utility then runs a comparison with the files in that backup vs. the files on the live production machine. The changed files are then restored onto the production machine. And, as a final step, the tool validates file system integrity to ensure the data was properly restored.

What about data that wasn’t affected by the event?

This is the beauty of Rapid Rollback.

The tool is designed to identify and restore only the data that has changed since the recovery point you select. So for example, let’s say ransomware has wiped out 30% of data on a protected machine, but those changes have occurred in numerous folders, resulting in encrypted files mingling with other files that haven’t been touched. There is no need to restore everything. Rapid Rollback will only target the 30% of files that were affected, no matter where they live on the protected machine, making it a far more efficient recovery.
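The compare, restore and validate sequence described above can be sketched as follows. This is an added example, not Datto’s code: it compares file hashes rather than blocks, and the file names, contents and function names are constructed for illustration.

```python
import hashlib

# Constructed sample data: path -> file contents at the recovery point
BACKUP = {
    "docs/report.docx": b"report v1",
    "docs/budget.xlsx": b"budget v1",
    "app/config.ini": b"[app]\nmode=prod\n",
    "app/app.exe": b"MZ" + b"\x00" * 62,
}
# Constructed live state after the incident (renamed, overwritten, new, untouched)
LIVE = {
    "docs/report.docx.locked": b"\x8f\x11\x02unreadable",
    "docs/budget.xlsx": b"\x03\xa7unreadable",
    "docs/HOW_TO_RECOVER.txt": b"note",
    "app/config.ini": b"[app]\nmode=prod\n",
    "app/app.exe": b"MZ" + b"\x00" * 62,
}

def manifest(files):
    """Map each path to (SHA-256 digest, size) so states can be compared."""
    return {p: (hashlib.sha256(b).hexdigest(), len(b)) for p, b in files.items()}

def rollback_plan(point, live):
    """Classify every path by the action needed to return to the recovery point."""
    plan = {"restore": [], "revert": [], "delete": [], "untouched": []}
    for path, entry in point.items():
        if path not in live:
            plan["restore"].append(path)    # deleted since the recovery point
        elif live[path] != entry:
            plan["revert"].append(path)     # modified since the recovery point
        else:
            plan["untouched"].append(path)  # identical: nothing is copied
    plan["delete"] = [p for p in live if p not in point]  # created afterwards
    return {action: sorted(paths) for action, paths in plan.items()}

def bytes_to_copy(plan, point):
    """Data that must cross the network: restored plus reverted files only."""
    return sum(point[p][1] for p in plan["restore"] + plan["revert"])

def apply_plan(plan, backup_files, live_files):
    """Apply the plan to a copy of the live state and return the result."""
    result = {p: b for p, b in live_files.items() if p not in plan["delete"]}
    for path in plan["restore"] + plan["revert"]:
        result[path] = backup_files[path]
    return result

def rolled_back_ok(backup_files, result):
    """Final integrity check: the result must match the recovery point exactly."""
    return manifest(result) == manifest(backup_files)
```

In this sample only 18 of the 98 backed-up bytes need to be copied, and the two files created after the recovery point are removed, which is the same behaviour that makes reviewing the selected recovery point important before rolling back.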

When to Use Rapid Rollback

We’ve touched on some scenarios in which Rapid Rollback can help. But let’s dig a little deeper to illustrate the various data-loss incidents that are a good fit for using the tool (and which are not). Below, we break down the most common situations in which to use Rapid Rollback, including:

  • Ransomware attacks
  • Restoring uninstalled software (with associated application data)
  • Recovering from operating system errors
  • Recovering large amounts of unintended file changes

Let’s start with ransomware, as it is one of the most devastating causes of data loss that businesses face today.

1) Ransomware attacks

Rapid Rollback is typically the best recovery method after a ransomware attack, which can destroy large volumes of files as well as disable operating systems and networks.

Ransomware uses strong encryption to overwrite files and sometimes deliver other forms of malware at the same time. Victims typically cannot break the encryption without paying the ransom to receive the decryption key from the attackers (though doing so is strongly discouraged by authorities and also does not guarantee you’ll get the key even if you pay).

Ransomware infections sometimes occur due to security flaws in a network, but are more often the result of malicious file attachments or links in spam or phishing emails. Ransomware attacks can shutter your operations in a matter of minutes, which is why it’s so important to maintain data backups. Data backups enable you to restore your encrypted files back to a working state and effectively remove the infection. But as we’ve mentioned, some recovery methods can be extremely cumbersome and time-consuming. That’s where Rapid Rollback comes into play.

Rapid Rollback can pinpoint all the data that has changed since the recovery point. So any file changes or newly created data from the encryption are rapidly identified and restored back to the production machine.

There’s simply no faster way to recover from a ransomware attack.

Note: Rapid Rollback cannot be used to restore data that has been infected with BitLocker ransomware. However, Datto offers some guidance for what to do in such scenarios.

2) Restoring uninstalled software (with associated application data)

Sometimes software is removed accidentally. Or, the uninstall causes unexpected issues, such as file corruption. In other cases, software is removed as organizations switch to different applications, but then the team later discovers that critical data stored in the old application was still needed.

Rapid Rollback can assist with each of these scenarios.

Regardless of the reasons for the uninstalled software, Rapid Rollback can be used to revert the software back to its working state, along with any data stored within the application. In essence, it’s like being able to “undo” the uninstall. And, it eliminates the tedious process of manually reinstalling the old software.

Similar to the process of recovering from a ransomware attack, you simply use the Rapid Rollback tool to select the applicable recovery point from before the software was removed, as well as a second recovery point (i.e. any time after the uninstall). Rapid Rollback will identify all the applicable deleted and modified files and restore them back to their previous state.

3) Recovering from operating system errors

Rapid Rollback is also an excellent tool in recovering from O/S errors, which can cause systems to repeatedly crash, corrupt data or, in a worst-case scenario, block access to nearly every application and file on the affected network or device.

These situations are relatively common after an O/S installation or major update. But whether the O/S is crashing for unknown reasons or failing due to file corruption during an update, organizations will want to restore everything back to normal as quickly as possible to avert extended downtime.

That’s where Rapid Rollback can help, thus eliminating the need to tediously diagnose the issue or manually uninstall updates.

Again, selecting two recovery points permits the Rapid Rollback tool to compare block-level changes that occurred during the O/S update. Any system files that were deleted are restored, any files that were modified are returned to their previous state, and files that were added to the system after the selected point in time are deleted.

By selecting a recovery point from before the update was processed, Rapid Rollback will restore those files back to the production machine, thereby removing any corrupted files and allowing administrators to restart a fresh O/S update or re-installation.

4) Recovering large amounts of unintended file changes

In essence, Rapid Rollback can be used in any instance where large amounts of data have been deleted or modified. Examples include other types of malware infections, malicious file deletion, devices that are stolen or destroyed and so on.

The high backup frequency available on the Datto SIRIS is another advantage that makes Rapid Rollback so powerful. With the ability to perform backups as often as every five minutes, and the option to store unlimited amounts of data in the Datto Cloud with its Infinite Cloud Retention offering, organizations can make their rollbacks incredibly precise. It allows you to select recovery points that are incredibly close to the time of the data-loss incident, thus reducing the risk of losing any data during the rollback.

When NOT to use Rapid Rollback

Rapid Rollback should only be used to recover from certain types of data loss in which large amounts of data have been modified. In cases of minimal data loss, for example, or more catastrophic failure in which protected machines are not booting at all, other data recovery methods will be more effective.

Here are some examples:

  • When restoring more than 1 TB of data. Datto does not recommend using Rapid Rollback for scenarios in which more than 1 terabyte of data needs to be recovered.
  • When an operating system has crashed after a partition table failure. Datto recommends using its Bare Metal Restore Utility for this scenario.
  • When a machine is not booting and/or needs to be reimaged. If the protected machine needs to be completely wiped, or cannot be booted, then the Bare Metal Restore Utility should be used instead of Rapid Rollback.
  • When deploying a new production machine. To deploy a new machine (rather than recovering a downed one), you’ll want to install the new server’s O/S and then migrate the data using Datto’s Direct Restore utility.
  • When you need to restore a small number of files or folders. Rapid Rollback is intended for recovering large volumes of unwanted changes. For recovery of individual files and folders, it’s more efficient to use Datto’s File Restore tool.

How to use Rapid Rollback

Using Rapid Rollback is a straightforward process, but you’ll want to follow the current guidance from Datto to ensure the procedure is completed properly. Here are the basic steps involved for using the tool on the Datto SIRIS:

  1. Image a USB stick (8 GB or greater) with the latest version of the Datto Utilities image, insert it into the target machine, and select the Rapid Rollback option.
  2. A list of the Datto appliances detected on your local network will be shown. Select the device that holds the production machine’s backups. (You will be asked to enter a username and password to access the device.)
  3. From the list of available backed up machines, select the machine you wish to restore.
  4. Select a date that you wish to restore the target machine to, i.e. a “Healthy Recovery Point” as it’s referred to in the interface.
  5. Select the volumes / drives you want to restore.
  6. You’ll be asked to review your selections one last time. If all looks good, click ROLLBACK. (You’ll be asked to confirm this again.)
  7. A message will confirm when the recovery is complete. Then, remove the USB stick, and click Finish and Reboot. The target hardware will reboot in its restored state.

Keep in mind that the rollback will remove any data on the production machine that didn’t exist prior to the rollback date you selected. So be careful to review all your selections before proceeding.

Additionally, when configuring the rollback, you may encounter the following message if an error is detected: “The volumes to be restored don’t match the volumes on the protected system.” This means one of two things: 1) the volumes on the production machine have changed since the selected backup occurred, or 2) you’ve selected a machine that doesn’t match the hardware you’re trying to restore the data to.

‘An absolute gamechanger’

Datto first introduced Rapid Rollback at DattoCon 18, the company’s 2018 conference held in Austin, Texas. Datto’s founder Austin McChord called it “an absolute gamechanger” and an industry first that was not available from any other BC/DR providers.

Here’s what McChord said about it in Datto’s “One Take” video series:

[Rapid Rollback] is an amazing new feature … and it’s something that no one else in our industry can do. We can take your original machine to start from, whether it’s a virtual machine or physical machine, and we can move the state of that machine back to any point in time that we’ve protected very, very quickly. We do this by nearly instantaneously calculating the difference from the current state of the machine to the state of the backup, so that we can know exactly which files and blocks to move. And we can do that transition of moving the data very, very fast …  What this means is that getting BMR-like restores is now possible in just a few minutes. Rather than having to transfer all of the data that represents the machine, which can be terabytes and terabytes and would take potentially hours to copy over, we can copy over just the change. And we can calculate that change nearly instantly, so that we can move this data incredibly fast.

Conclusion

Datto’s Rapid Rollback is an innovative data recovery method that lets you restore unwanted file changes without having to restore all data in a backup. It’s especially useful for recovering data that has been encrypted in a ransomware attack or for restoring systems after failed O/S updates or software installations. While Rapid Rollback is not ideal for all data-loss scenarios, it’s a powerful tool that can help organizations minimize downtime and get back to business after large amounts of data have been altered or destroyed.

Learn More

Learn more about protecting your organization with data backup and disaster recovery solutions from Datto. Request a free demo or speak to our business continuity experts at Invenio IT today. Call (646) 395-1170 or email success@invenioIT.com.
