Construction Company Has Data Fully Recovered After Ransomware Attack
Learn how Recovery Point helped a construction company fully recover their data after a ransomware attack.
At a Glance
Recovery Point’s client was hit by a ransomware attack that encrypted their production data and local backups. The threat actor's dwell time was determined to be months. Local backups were not immutable and were deleted during the attack.
100% of the data the client had stored with Recovery Point was recovered
14 hours was the time it took Recovery Point to recover the client's 36 systems
Overview
A large U.S.-based construction company has been a client of Recovery Point since January 2022. They utilize Recovery Point’s Veeam Cloud Connect service to maintain an offsite backup copy of critical business data. The client also contracts for delivery of target recovery VMware, compute, and storage infrastructure for test and disaster events.
Challenge
The client was made aware of a ransomware attack that had encrypted their production data and local backups. The cyberattack was detected by a third-party managed detection and response (MDR) service provider, with the first indicator of compromise (IOC) being a ransomware note emailed to the client.
Recovery Point was contacted for support at 5:00 a.m. EST and responded immediately. During the forensic investigation, it was determined that the threat actor had remained undetected in the client’s environment for months.
The client suffered a complete loss of their on-premises business data and was left with only cloud services, which still needed to be reviewed for infection and data exfiltration. Their local backups, which were not immutable, were also deleted during the attack.
The client was not using Recovery Point’s fully managed resiliency service, so restoring backups and recovering from any outage, including a ransomware attack, was not part of their services contract. In addition, their own recovery plan was lacking in detail and testing was not up to date.
Solution
Recovery Point’s backup services feature immutability for cyber resiliency. This ensured the client had off-site immutable backups, which provided a last line of defense. Leveraging an immutable copy of backup data guarantees that an untouched version of the source data is always recoverable and safe from any failure scenario.
Results
In this case, Recovery Point was able to recover 100% of the client’s stored data — which consisted of 36 systems — in a very short time period.
Recovery Point restored backups to a variety of restore points (RPOs) and isolated the recovered data at the client’s request, a manual process that took 14 hours. Restoration could have been significantly faster had the client contracted for Recovery Point’s fully managed recovery service, Managed Resiliency, which restores business processes at the mission-critical application level, not just at the data and server levels like legacy DRaaS services. This enables businesses to get their operations running sooner.