We are going to go with shadow protect and image to another machine dedicated for that one job.

 

We will eventually move to VPNs.

 

We have scanned with Nod32, Premium version of malwarebytes with Ransomeware watch and we also used Hitman.

 

All scanned fine.

 

We are changing our backup process and only put back onto the server the critical files. Its quicker to backup the server. Less frequently required documents can be stored on another external.

 

We will still backup to externals but will remove them immediately on completion of the backup and we have purchased more so they can be rotated more often.

 

Our workstations are still fine. I suppose the ransomeware could still be lurking, waiting to be triggered. But our better improved backup regime will mean we should have a better recovery time.