Is Your Data Safe?

Ransomware attacks are on the rise and have become an extremely lucrative business for cybercriminals. It is vital that backups are 100% protected and resilient so that IT teams can successfully recover their applications and data.

So, what can Rubrik do for you? What if cyber resilience was built into your data backup and recovery platform? Rubrik’s unique Zero Trust Data Management platform adheres to the NIST principles of Zero Trust. The fundamental premise of our Zero Trust architecture is simple:

  • Treat every user, application and device as untrustworthy. Assume that an attacker has already infiltrated the network.

  • Only grant access to authenticated users, and provide only the minimum level of access needed to perform the approved task (least privilege access).

Rubrik systems allow customers to shield data from ransomware attackers and ensure that organizations can recover quickly and successfully from ransomware. Let’s look at two Rubrik public sector customers’ ransomware recovery experiences.

How Yuba County Survived a Ransomware Attack and Lived to Tell the Tale

Various departments within Yuba County are concerned with health and public safety. The Sheriff's office is responsible for emergency calls and the health department manages testing, contact tracing, and vaccinations for COVID-19. At the beginning of 2021, however, this data was compromised by a ransomware attack and services were shut down.

The attack on Yuba County was initiated through an infected PC. Based on later forensic analysis, IT teams learned that multiple tools were used in the attack. These included Cobalt Strike penetration software, Dridex and IcedID malware, and PowerShell scripts. Kerberos authentication issues were leveraged to compromise access to Active Directory (AD) servers and deploy ransomware encryption on multiple machines.

This form of attack is typically called a Golden Ticket attack. In the case of Yuba County, data on 100 servers was encrypted and rendered inaccessible. 

“When we were hit by ransomware, it could have been a debilitating disaster for the county; however, one of the few moments of satisfaction during weeks of discomfort was knowing that Rubrik was backing up our data and that we wouldn't have to pay the ransom for data recovery.”

Paul LaValley
former CIO of Yuba County


With Rubrik, Yuba County was able to accelerate its ransomware recovery with just a few clicks and restore to the most recent clean slate. “Backups are one of the most, if not the most, important defenses against ransomware. Rubrik’s file system was built to be immutable, meaning backups cannot be encrypted or deleted by ransomware. I am very fortunate to say that 100% of what we had on Rubrik we were able to recover with LiveMount since 90% of our servers are virtualized,” LaValley stated.

What initially drove Yuba County to adopt Rubrik was the need for a different type of DR. The DR strategy they had in place was for the typical flood or earthquake, unfit for modern-day threats, especially ransomware. “Rubrik saved our data during this sensitive time thanks to its immutability, MFA, and retention lock. Understanding that the hackers were in control of AD, Rubrik ensured we cleared AD of anything tied to Rubrik, building an immutable, protected vault,” explained LaValley.

Yuba County not only strengthened its disaster recovery strategy with Rubrik, but also survived a ransomware attack and lived to tell the tale. With Rubrik, Yuba County had peace of mind knowing that 100% of its backups could be recovered and that it did not have to pay the ransom for its data.
 

City of Durham Protected and Recovered from Ransomware with Rubrik

The City of Durham is another illustrative story. In 2020, they were hit with a ransomware attack, which infected their entire network, including the city’s public phone networks and emergency call system. 911 emergency services are, of course, paramount for citizens’ health and safety, so the city needed to recover as soon as possible.

The City’s managed detection and response (MDR) solution began alerting on new infections at the rate of one every second. The systems engineer at the time raced over to start unplugging everything within their data center. Unfortunately, data on production storage systems was already locked. Critical systems were offline. 

The team on-site decided to leverage Rubrik backups to restore operations. They used Rubrik’s LiveMount feature to restore affected VMs, using their Rubrik system as the datastore. This was possible because the backups were kept in an immutable format, and were protected from the ransomware attack.

The City of Durham had about 200 VMs and they began restoring 20 to 30 at a time into a ‘gray network’ to keep the environment encapsulated and prevent reinfection of the network. In the end, there was no loss of data and critical 911 and public safety services were back up and running in less than 30 hours without paying any ransom. 

“The City can be assured that our backups are very good because they are immutable, which means ransomware cannot consume our backups,” stated Kerry Goode, CIO of the City of Durham.

Data is Your Most Valuable Asset, Yet Also Your Most Vulnerable

Despite having thorough and rigorous defensive security measures in place, ransomware is still corrupting data and crippling organizations.
