O365Undo is a great script you can use to roll back actions of your user(s) in Office 365. Most likely, actions your user wasn’t aware of but were actually done by a CryptoLocker or by RansomWare.
These nasty virusses can cause havoc on your mapped or synced Sharepoint Online or Onedrive for Business libraries in the form of file level encryption or file name obfuscation.
On your site you published O365Undo and O365AntiCryptoLocker.
If I understand it correct a difference between the scripts is O365Undo can only be used for restoring the OneDrive folder of a user, but you can set the infection data.
O365AntiCryptoLocker can roll backup Sharepoint sites and OneDrive folders, but files will be restored to the last version.
Am I correct?