40TB of File Server Data from a Ransomware Attack Recovered in Under 10 Minutes

hexpattern-2
hexpattern-2
About the Organization

A Disaster Recovery as a Service (DRaaS) client of InterVision.

The Challenge

Given the challenging nature of modern business, many organizations manage sensitive customer information continuously – which unfortunately makes them a target for cybercriminals looking to turn a profit, disrupt operations, or capture information for personal benefit.

One Saturday morning, a member of InterVision’s Cloud Solutions Team (CST) received an alert that a monitoring collector had gone offline. Responding to the down alert, the analyst called the DRaaS client to notify and investigate the alert. The client acknowledged an issue in the environment but wanted more time to investigate with their own internal team. The InterVision Cloud Solutions Team offered to help in any way, and the client agreed to reach back out after their initial investigation.

Later that day, the client made contact again to discuss recovery options. During technical collaboration, InterVision learned that ransomware on the client’s protected environment was the cause for the outage. The client had identified the affecting file and location, but they were still working to recover services.

The Outcome

The recovery team discussed the time of the initiation of the ransomware takeover, and the client’s need for critical business data up to a specific time. With this information, InterVision’s team was able to make a recommendation to the client for a specific recovery point within Zerto for their critical data, which met the client’s needs.

Upon requesting the recovery, InterVision was able to bring up 40 terabytes of critical file servers and restore connectivity in their hosted recovery datacenter. This was accomplished in under 10 minutes. The client was able to run these file servers in the recovery datacenter as though they were with the rest of their production environment for two weeks. In that time, the client continued to protect other servers by replicating them to InterVision’s recovery datacenter and protect the file servers by reverse replicating them to their own production datacenter.

At the end of two weeks running in a hybrid mode, they were able to use our DRaaS to migrate the file servers back into their production environment.

Resolving Ransomware Incidents with DRaaS
Download Now