An Anatomy of Responding to and Surviving a Ransomware Attack
HYCU for Nutanix
Case Study
The case study highlights the importance of robust backup solutions and responsive support in mitigating ransomware attacks, even when standard security measures fail at a large professional services firm in the southeastern US, using Nutanix Enterprise Cloud platform, storing HIPAA-regulated medical records. Key highlights include:
- Pre-attack measures:
- HYCU for Nutanix for daily incremental and weekly full backups
- Data replication to a remote data center
- Attack details:
- RYUK malware entered via an email attachment with a macro
- Two-phase attack: spread through network, then executed
- Occurred on a Sunday, encrypting all Windows PCs, laptops, servers, and network files
- Encrypted data replicated to DR site, preventing remote recovery
- Backup files on shared network drives also encrypted
- Response options explored:
- Contacting hackers (ransom demand: 92 bitcoins, ~$1M USD)
- Checking backup tapes (only 60% of data, monthly backups)
- Engaging a decryption contractor (potentially a front for hackers)
- Contacting HYCU, their backup provider
- HYCU's solution:
- Discovered an unencrypted system-generated file on HYCU VM
- HYCU support team worked globally to access and use this file
- Successfully unpacked the file and restored all the firm's VMs
- Outcome:
- Firm recovered all systems and data within 36 hours
- Avoided potentially months of recovery time and significant losses
Download Datasheet
Download Resource
Download Resource
Download eBook
Download Whitepaper
Download Case Study
Video
An Anatomy of Responding to and Surviving a Ransomware Attack
Overview
The case study highlights the importance of robust backup solutions and responsive support in mitigating ransomware attacks, even when standard security measures fail at a large professional services firm in the southeastern US, using Nutanix Enterprise Cloud platform, storing HIPAA-regulated medical records. Key highlights include:
- Pre-attack measures:
- HYCU for Nutanix for daily incremental and weekly full backups
- Data replication to a remote data center
- Attack details:
- RYUK malware entered via an email attachment with a macro
- Two-phase attack: spread through network, then executed
- Occurred on a Sunday, encrypting all Windows PCs, laptops, servers, and network files
- Encrypted data replicated to DR site, preventing remote recovery
- Backup files on shared network drives also encrypted
- Response options explored:
- Contacting hackers (ransom demand: 92 bitcoins, ~$1M USD)
- Checking backup tapes (only 60% of data, monthly backups)
- Engaging a decryption contractor (potentially a front for hackers)
- Contacting HYCU, their backup provider
- HYCU's solution:
- Discovered an unencrypted system-generated file on HYCU VM
- HYCU support team worked globally to access and use this file
- Successfully unpacked the file and restored all the firm's VMs
- Outcome:
- Firm recovered all systems and data within 36 hours
- Avoided potentially months of recovery time and significant losses
Get started today
Seriously, you really need to experience HYCU to believe it.
.png){kind=small}