40TB of File Server Data from a Ransomware Attack Recovered in Under 10 Minutes

About the Organization

A Disaster Recovery as a Service (DRaaS) customer of InterVision.

The Challenge

Given the challenging nature of modern business, many organizations manage sensitive customer information continuously – which unfortunately makes them a target for cybercriminals looking to turn a profit, disrupt operations, or capture information for personal benefit.

One Saturday morning, a member of InterVision’s Cloud Solutions Team (CST) received an alert that a monitoring collector had gone offline. Responding to the down alert, the analyst called the DRaaS customer to notify and investigate the alert. The customer acknowledged an issue in the environment but wanted more time to investigate with their own internal team. The InterVision Cloud Solutions Team offered to help in any way, and the customer agreed to reach back out after their initial investigation.

Later that day, the customer made contact again to discuss recovery options. During technical collaboration, InterVision learned that ransomware on the customer’s protected environment was the cause for the outage. The customer had identified the affecting file and location, but they were still working to recover services.

The Outcome

The recovery team discussed the time of the initiation of the ransomware takeover, and the customer’s need for critical business data up to a specific time. With this information, InterVision’s team was able to make a recommendation to the customer for a specific recovery point within Zerto for their critical data, which met the customer’s needs.

Upon requesting the recovery, InterVision was able to bring up 40 terabytes of critical file servers and restore connectivity in their hosted recovery datacenter. This was accomplished in under 10 minutes. The customer was able to run these file servers in the recovery datacenter as though they were with the rest of their production environment for two weeks. In that time, the customer continued to protect other servers by replicating them to InterVision’s recovery datacenter and protect the file servers by reverse replicating them to their own production datacenter.

At the end of two weeks running in a hybrid mode, they were able to use our DRaaS to migrate the file servers back into their production environment.