Recovery of Backup data after Ransomware attack of a Full-Service, Integrated Independent Marketing Agency in the US

Recovery without Vendor after Ransomware attack at a Full-Service, Integrated Independent Marketing Agency in the US

Highlights

Recovery of data from Incomplete Data Sets.
Recovery without needing the original Backup Software.
Tapes and data stayed at customers site throughout.

Problem

Customers systems, including their backup environment, had been encrypted during a Ransomware Attack. The last backups in the environment had not completed, because of the attack, and had overwritten all the tapes. The BackupExec software had been unable to re-catalog its tapes due to the backup sets being incomplete.

Solution

Tranzman was installed on to a server, inside the customers network, which had access to the customers tape drives and library.

After the install it was quickly configured and was reading the old BackupExec media within 30 mins of being installed.

The customer had 53 LTO4 tapes. Stone Ram worked with the customer to scan all the tapes and determine which systems they wanted to recover first.

The server used for Tranzman didn't have sufficient capacity to recover all the data in a quick and automated way, but Stone Ram worked with the customer via WebEx to recover the data in batches so the customer could transfer it over the network and the same disk space could then be re-used over and over.

Key systems were prioritised, and all available data for them was quickly recovered.

Customer had their systems online and working again without needing to trust the actors to provide a decryption key.