
An employee opens an email virus. Read what happens & see a timeline of events [Infographic]


Curious how a backup and disaster recovery (BDR) service can be really helpful? Here’s a real-life example: 

One of our managed services customers recently experienced a ransomware attack. A member of staff was sent an email with a virus attached to it. The attachment was a widely used piece of ransomware, which encrypts the files on the computer it infects and any directories on other systems it has access to.

The email looked genuine and was addressed personally to that staff member by name, so he opened it. Immediately his system was encrypted. The virus also encrypted the company file server so none of the users could access their data. Everything ground to a halt.

Shortly afterwards, a ransom request arrived in the user’s inbox asking for a sizeable amount to be paid in bitcoins. The CEO and CFO were alerted and, after a short period of mild panic and discussion, they called Abtech for advice.

Fortunately, they were signed up to our StorTrust Backup and Disaster Recovery (BDR) services. The service uses Quest Rapid Recovery software, which is configured to take snapshots of their systems every 30 minutes (it can take snapshots every 5 minutes, but this customer preferred every 30). The data is then replicated to our StorTrust cloud data center in Nevada for disaster recovery purposes.

The StorTrust engineer checked the logs and found that the last good backup happened 5 minutes before the ransomware attack. This meant that we would be able to recover the data to a clean file server and the client would only lose 5 minutes’ worth of data.

The client agreed and we restored their infected server from a clean backup. The user’s system was also reimaged and data restored from the backup. The whole process took less than an hour and no ransom was paid.

If the infection had been more widespread, we would have elected to spin up their critical systems in our cloud, using the replicated good backup, so their users could continue working, while we cleaned and restored all their infected systems.

If you want to know more, please give us a call or download our ebooks on Disaster Planning and How to Deal with a Ransomware Attack.
