Construction Company Has Data Fully Recovered After Ransomware Attack

A large U.S.-based construction company has been a client of Recovery Point since January 2022. They utilize Recovery Point’s Veeam Cloud Connect service to maintain an offsite backup copy of critical business data. The client also contracts for delivery of target recovery VMware, compute, and storage infrastructure for test and disaster events.

The client was made aware of a ransomware attack that had encrypted their production data and local backups. The cyberattack was detected by a third party managed detection and response (MDR) service provider, with the first indicator of compromise (IOC) being a ransomware note emailed to the client.

Recovery Point was contacted for support at 5:00 a.m. EST and responded immediately. During the forensic investigation it was determined that the threat actor had remained undetected and dwelling in the client’s environment for months.

The client suffered a complete loss of their on-premises business data, and was left with only cloud services, which still needed to be reviewed for infection and data exfiltration. Their local backups, which were not immutable, were also deleted during the attack.

The client was not using Recovery Point’s fully managed resiliency service, so restoring backups and recovering from any outage, including a ransomware attack, was not part of their services contract. In addition, their own recovery plan was lacking in detail and testing was not up-to-date.

Recovery Point’s backup services feature immutability for cyber resiliency. This ensured the client had off-site immutable backups, which provided a last line of defense. Leveraging an immutable copy of backup data guarantees that an untouched version of the source data is always recoverable and safe from any failure scenario.

In this case, Recovery Point was able to recover 100% of the client’s stored data — which consisted of 36 systems — in a very short time period.

Recovery Point restored backups to a variety of restore points (RPOs) and isolated the recovered data at the client’s request; a manual process that took 14 hours. Restoration could have been significantly faster had the client contracted for Recovery Point’s fully managed recovery service, Managed Resiliency, which restores business processes at the mission-critical application level, not just at the data and server levels like legacy DRaaS services. This enables businesses to get their operations running sooner.