Sign up to receive updates for the latest tech thought leadership insights, videos, and podcasts.
Client Result
How ROCK helped a not-for-profit recommence operations within one hour of a Ransomware attack having taken down their organisation
ROCK were contacted by a UK based charity with several overseas operations following a ransomware attack at their head office that had brought multiple teams within it's office to a halt. Having already invested in preparatory work for a number of disaster recovery situations with a consultant from ROCK; the charity were soon back at 100% operational efficiency.
At a glance
- Full backup restored across organisation within 47 minutes
- Infected machines isolated and cleansed at ROCK’s head office
The situation
When a ransomware attack successfully infected several devices at CharityCo*, they feared they’d be inoperative for several days or even weeks. Fortunately, ROCK had put backups in place following the development of a continuity strategy several months prior.
Recommendations
- Audit networks in their entirety – including endpoints – to identify locations off all company data
- Implement three backup solutions, one made to virtualised infrastructure, one to on-site storage media and another to unnetworked media kept off-site
- Develop and test robust restoration procedures for a variety of foreseeable circumstances
Outcome
Following ROCK’s Security Operations Centre having identified that CharityCo’s infrastructure had been compromised, infected devices were ring-fenced to prevent the ransomware infection spreading further. Whilst we were able to do so successfully, a significant portion of key data had already been encrypted.
Having prepared a precise strategy that was to be followed under such circumstances, though, ROCK was able to restore data – including individual user-profiles and files – to a number of unused machines from virtualised backups.
As a result of the preparatory work that ROCK had undertaken, infected devices had been isolated and all data had been restored within just 47 minutes. CharityCo had initially feared they would suffer a significant period of downtime following this attack. Instead, in less than an hour, it was as if no incident had taken place.
ROCK collected infected devices later the same day before cleansing them at our head office and returning them to the client completely cleaned, after only a few days.
*We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.
