"Ransomware Rollback" is a process of restoring a system or network to a previous state before a ransomware attack occurred from shadow copies.
This is done by using backup and recovery tools to restore data and configurations to a point in time before the attack. A Ransomware Rollback aims to eliminate the need to pay the ransom demanded by the attackers to regain access to the encrypted data. Still, most of these features offered by vendors don't work very well in practice because attackers typically delete shadow copies. Even if the rollback is successful, the attackers are still on the network and can simply re-encrypt the device. It is important to have a backup and recovery plan in place to ensure that data can be restored quickly and efficiently in the event of a ransomware attack.