A ransomware attack prevented by a reliable, next-gen backup solution
Langs Building Supplies, a leading supplier of timber products in South Queensland, Australia, was recently hit by a ransomware attack. Due to its effective backup infrastructure, the company was able to thwart the threat and restore its data without paying a ransom.
Ransomware is a special type of malware that encrypts victims’ data and prevents them from accessing it until a ransom is paid. In a previous post, our security lead David Ramos explained the rising threat of ransomware and strategies for ransomware recovery. As Ramos stated, “With an effective backup solution, ransomware can ideally be reduced to a minor inconvenience.” This was certainly true for Langs Building Supplies.
We sat down with Matthew Day, ICT and Support Manager at Langs Building Supplies, to discuss his experience defending against a ransomware attack.
Q: How were you able to identify that a ransomware attack had occurred?
A: We have monitoring tools in place to send alerts when there are high change rates in the data structure. An alert was triggered, and we were able to shut down the affected VDI desktop within minutes. Because we could stop the attack mid-stream, we were able to prevent the spread of the attack to the rest of the infrastructure.
Q: Can you describe the ransomware attack?
A: This attack entered the system through an email link that was sent to one of our employees. One of our production file servers had a CryptoLocker placed on it where around 15,000 files were renamed as .encrypted. This meant that these files could not be accessed without a proper passcode.
Q: How were you able to recover your data?
A: Because our data management solution is API-driven, we were able to write a script to restore our files back to the VM from the latest snapshot of the server. This was simple enough. It took under 25 minutes to write, and we had all of our files back to the file server and powered up in approximately one hour. The next day it was as if nothing ever happened.
Q: What aspects of your current backup solution enabled this recovery to be possible?
A: We’ve taken steps to ensure our data management solution is top notch precisely to make such occurrences less of an interruption. We want to ensure that these types of situations, which you can never prepare enough for, are just minor inconveniences.
- Modern technology: Modern technology does not necessarily mean low-touch but really that it works when you need it, and how you need it to. Our converged backup appliance really helps manage our data. It can easily manage and protect our VMs, set our protection policies as general or as granular as we want, and search across our data protected for specific VMs, objects, or specific files to restore.
- Automation via APIs: The typical use case of finding a single file here and there via the UI is simple, but finding thousands of files would have been time-consuming. Having a programmatic interface that allows custom workflows for third-party services allows us to automate and orchestrate the management of our environment even further. We were able to write a script to search for and restore our affected files without having to go through a painful dig and recover process manually.
- Data efficiencies: We can take snapshots more often as less data needs to move to our backup location at any point in time with an incremental-forever approach. This allowed us to discover the exact time when our files were renamed and recover our files from just before the attack occurred.
With a reliable and effective backup solution in place, cyber threats such as ransomware can be reduced to a mere annoyance rather than a disturbance. As Matt commented, “Having a top-notch data management solution in place means I can go about my day-to-day job without worrying about data loss. I know I have it covered.”
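The change-rate alert and the "restore from just before the renames" step described in the interview can be sketched as follows. This is an added example, not Langs' script or any vendor's API; the audit-log format, timestamps, paths, window and threshold are all constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample file-server audit lines: "<ISO time> <action> <path>".
SAMPLE_LOG = """\
2024-01-15T08:15:10 write /share/quotes/q1.xlsx
2024-01-15T08:30:00 rename /share/archive/vault.zip.encrypted
2024-01-15T09:41:02 rename /share/orders/po-1001.pdf.encrypted
2024-01-15T09:41:03 rename /share/orders/po-1002.pdf.encrypted
2024-01-15T09:41:05 rename /share/plans/deck.dwg.encrypted
2024-01-15T09:41:06 rename /share/plans/frame.dwg.encrypted
2024-01-15T09:41:09 rename /share/quotes/q1.xlsx.encrypted
"""
# Constructed snapshot times for the same server.
SNAPSHOTS = [datetime(2024, 1, 15, h, m) for h, m in [(8, 0), (9, 0), (9, 30), (10, 0)]]

def parse(log):
    """Turn audit lines into (timestamp, action, path) tuples."""
    rows = (line.split(" ", 2) for line in log.splitlines() if line.strip())
    return [(datetime.fromisoformat(ts), action, path) for ts, action, path in rows]

def find_onset(events, suffix=".encrypted", window=timedelta(seconds=60), threshold=5):
    """Start of the first window holding >= threshold renames to `suffix`, else None."""
    recent = deque()
    for ts, action, path in sorted(events):
        if action != "rename" or not path.endswith(suffix):
            continue
        recent.append(ts)
        while ts - recent[0] > window:   # drop renames that fell out of the window
            recent.popleft()
        if len(recent) >= threshold:     # burst of renames: high change rate
            return recent[0]
    return None

def last_clean_snapshot(snapshots, onset):
    """Latest snapshot taken strictly before the burst began, else None."""
    earlier = [s for s in snapshots if s < onset]
    return max(earlier) if earlier else None

def restore_list(events, onset, suffix=".encrypted"):
    """Original paths of files renamed from the onset onward."""
    return sorted(p[: -len(suffix)] for ts, a, p in events
                  if a == "rename" and ts >= onset and p.endswith(suffix))

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    onset = find_onset(events)
    print(onset, last_clean_snapshot(SNAPSHOTS, onset), restore_list(events, onset))
```

The isolated 08:30 rename does not trip the alert because it falls outside the 60-second window; only the burst does, and the restore point chosen is the last snapshot before that burst started.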