Hello Joe,
I'm pretty new to the forum, but I've been in the Security Industry for 16 years, specializing in IPS/IDS and EDR and FW and SandBox . Based on my experience, here is my advice:
I don't think the Proxmox team has a decryption tool for Medusa ransomware.
You have better restore the backup that was not affected by the Medusa ransomware attack. After restoring the backup, it's advisable to isolate the target server, such as the Windows server(VM) or Linux server. You need to investigate the machine before reconnecting it to your network. Ensure all security patches are up to date and consider implementing additional security measures, such as network segmentation and enhanced monitoring.
If the Proxmox Backup Server itself is hit by a Medusa attack, I believe the only option is to restore the backup of the Proxmox Backup Server itself.
However, I couldn't find specific instructions on how to back up and restore the Proxmox Backup Server itself in the manual:
https://pbs.proxmox.com/docs/
Hopefully, someone will reach out with more information!
Hope this helps.
Respectfully,
Seiji
