A large U.S.-based construction company has been a client of Recovery Point’s since January 2022. They utilize Recovery Point’s Veeam Cloud Connect service to maintain an offsite backup copy of critical business data. The client also contracts for delivery of target recovery VMware, compute, and storage infrastructure for test and disaster events.

The Challenge

The client was made aware of a ransomware attack that had encrypted their production data and local backups. The cyberattack was detected by a third-party managed detection and response (MDR) service provider, with the first indicator of compromise (IOC) being a ransomware note emailed to the client.

Recovery Point was contacted for support at 5:00 a.m. EST and responded immediately. During the forensic investigation, it was determined that the threat actor had dwelled undetected in the client’s environment for months.

The client suffered a complete loss of their on-premises business data, and was left with only cloud services, which still needed to be reviewed for infection and data exfiltration. Their local backups, which were not immutable, were also deleted during the attack.

The client was not using Recovery Point’s fully managed recovery service, so restoring backups and recovering from any outage, including a ransomware attack, was not part of their services contract. In addition, their own recovery plan was lacking in detail and testing was not up to date.

The Solution

Recovery Point’s backup services feature immutability for cyber resiliency. This ensured the client had off-site immutable backups, which provided a last line of defense. Leveraging an immutable copy of backup data guarantees that an untouched version of the source data is always recoverable and safe from any failure scenario.

In this case, Recovery Point was able to recover 100% of the client’s stored data — which consisted of 36 systems — in a very short time period.

Recovery Point restored backups to a variety of restore points (RPOs) and isolated the recovered data at the client’s request, a manual process that took 14 hours. Restoration could have been significantly faster had the client contracted for Recovery Point’s fully managed recovery service, Business Process Resilience (BPR), which restores business processes at the mission-critical application level, not just at the data and server levels like legacy DRaaS services. This enables businesses to get their operations running sooner.

The Recovery Point Difference

In this instance, the client had not contracted Recovery Point specifically to manage the restoration of backups or recovery from an outage. However, the Recovery Point team responded immediately, providing the help needed to get the client up and running with their data restored.

Immediately following the attack, the client moved their production data to Recovery Point’s data center in order to continue business operations, where it remained for over 45 days until the incident was fully remediated.

Recovery Point is uniquely positioned with DRaaS infrastructure, processes, and resources to support swift recovery in the face of cyberattacks.
