How online backups negated a ransomware infection

At a glance

ROCK was contacted by a UK based charity with several overseas operations following a ransomware attack at their head office that had brought multiple teams within its office to a halt. Having already invested in preparatory work for a number of disaster recovery situations with a consultant from ROCK; the charity was soon back at 100% operational efficiency.

The situation

When a ransomware attack successfully infected several devices at CharityCo*, they feared they’d be inoperative for several days or even weeks. Fortunately, ROCK had put backups in place following the development of a continuity strategy several months prior.


  • Audit networks in their entirety – including endpoints – to identify locations of all company data
  • Implement three backup solutions, one made for virtualised infrastructure, one for on-site storage media and another for unnetworked media kept off-site
  • Develop and test robust restoration procedures for a variety of foreseeable circumstances

How we helped

  • Full backup restored across organisation within 47 minutes
  • Infected machines isolated and cleansed at ROCK’s head office


Following ROCK’s Security Operations Centre having identified that CharityCo’s* infrastructure had been compromised, infected devices were ring-fenced to prevent the ransomware infection from spreading further. Whilst we were able to do so successfully, a significant portion of key data had already been encrypted.

Having prepared a precise strategy that was to be followed under such circumstances, though, ROCK was able to restore data – including individual user profiles and files – to a number of unused machines from virtualised backups.

As a result of the preparatory work that ROCK had undertaken, infected devices had been isolated and all data had been restored within just 47 minutes. CharityCo* had initially feared they would suffer a significant period of downtime following this attack. Instead, in less than an hour, it was as if no incident had taken place.

ROCK collected infected devices later the same day before cleansing them at our head office and returning them to the client completely cleaned, after only a few days.

*We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.


Developing an agile network that enabled significant growth

© 2024 ROCK. All rights reserved.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now