An Anatomy of Responding to and Surviving a Ransomware Attack
HYCU for Nutanix
![An Anatomy of Responding to and Surviving a Ransomware Attack](https://cdn.prod.website-files.com/62f18b92ed87787aa1519b5a/6343ef2e6d66f27513c7f2e4_Resources%20OGI%2023.jpg)
Case Study
The case study highlights the importance of robust backup solutions and responsive support in mitigating ransomware attacks, even when standard security measures fail. It covers a large professional services firm in the southeastern US that uses the Nutanix Enterprise Cloud platform and stores HIPAA-regulated medical records. Key highlights include:
- Pre-attack measures:
  - HYCU for Nutanix for daily incremental and weekly full backups
  - Data replication to a remote data center
- Attack details:
  - RYUK malware entered via an email attachment with a macro
  - Two-phase attack: spread through network, then executed
  - Occurred on a Sunday, encrypting all Windows PCs, laptops, servers, and network files
  - Encrypted data replicated to DR site, preventing remote recovery
  - Backup files on shared network drives also encrypted
- Response options explored:
  - Contacting hackers (ransom demand: 92 bitcoins, ~$1M USD)
  - Checking backup tapes (only 60% of data, monthly backups)
  - Engaging a decryption contractor (potentially a front for hackers)
  - Contacting HYCU, their backup provider
- HYCU's solution:
  - Discovered an unencrypted system-generated file on HYCU VM
  - HYCU support team worked globally to access and use this file
  - Successfully unpacked the file and restored all the firm's VMs
- Outcome:
  - Firm recovered all systems and data within 36 hours
  - Avoided potentially months of recovery time and significant losses