Asigra Cloud Backup Enables Service Provider to Recover Thousands of Files Affected by Ransomware in 7 Minutes
Submitted by Tracy Staniland on
I recently had the opportunity to speak with AssureStor a UK-based Managed Service Provider about their experience using Asigra Cloud Backup™ to deliver a secure cloud backup service to SMBs and Enterprises - in particular how their cloud backup service is helping organizations battle ransomware attacks. As more and more organizations are being affected by Cryptolocker, Crytowall, and other forms of ransomware backup is saving the day.
TS: Tell us a little about yourself.
Jason: My name is Jason Reid, and I am the founder and Managing Director of AssureStor (@AssureStor). We are a UK-based company who specialize in cloud backup and disaster recovery. We provide our services via a dedicated partner channel, and also directly to various organizations in the UK and further afield.
As a techie and self-certified ‘geek,’ one of my primary focuses is on delivering the best technology available. Our partnerships with Asigra and Zerto allow us to do just that and more.
As well as a passion for technology, I have a strong focus on customer service: for AssureStor it is one of the key areas that differentiate us from other providers. Delivering 100 percent customer satisfaction is no easy task, but AssureStor achieves this with the support of technology from the likes of Asigra that does exactly what it says it will.
TS: Jason, it took only seven minutes for you to recover 35,000 files that were affected by Locky. Tell us about the recovery process.
JR: Sure. We have a public sector customer, responsible for social housing in the UK, who was recently affected by one of the latest ransomware viruses called Locky. The virus crawled their core file server and a critical application server, encrypting over 35,000 files out of almost a million files. Using Asigra Cloud Backup, we were able to identify the encrypted files and restore all affected files within seven minutes and 29 seconds.
The initial infection took place around 38 hours prior to the customer contacting us. Fortunately for us, our cloud backup service is powered by Asigra, which provides us with the flexibility and ability to identify the specific files affected, which enabled us to perform such a quick recovery.
TS: If you could not restore the specific files affected, how long would it have taken to restore the files?
JR: Too long! The call came in from the customer who needed urgent access to a file, only to discover that their system had been infected. Unfortunately, in many cases when a system is infected the safest thing to do is restore it from a point prior to the infection. As one server had over 1TB of data this would have taken hours if we had to restore the whole system. And to compound the issue, this process would have reverted all files back to their state at the time of the backup, as well as causing the whole organization to lose access to the file server whilst we carried out the restore.
Thankfully we did not need to undertake such an invasive process. The way Locky and many malicious ransomware viruses work is through renaming and encrypting the files they infect, which essentially deletes the original file. With Asigra Cloud Backup and its extremely powerful restore wizard, we were able to create a restore job that identified the missing files (those that had been renamed by the virus) and performed a restore of only those files.
The restore time was well below 10 minutes, and we did this whilst the system was live – removing the need for any downtime.
TS: Your customer must have been pleased that you were able to recover the files.
JR: Yes, they were extremely pleased with the rapid recovery and the overall business outcome. It took our team less than 30 minutes from the time we received their call, to understanding the issue, and then identifying and recovering the files. And by removing the need for any downtime we have demonstrated the importance and value of good backup protection.
TS: Is this the first time that you have helped a customer recover their data from ransomware?
JR: No. Actually, we have helped four customers successfully recover data encrypted by ransomware of different flavors. Another one of our customers was impacted by CryptoLocker, the ransomware Trojan that targeted computers running Microsoft Windows.
TS: Can you please explain why recovery point objectives and long term retention are key in ransomware situations?
JR: Sure, happy to explain. With Asigra we can backup customer data frequently, even on large servers. This is due to the incremental forever technology, which allows us to offer multiple rollback points over short durations. In addition, with the Asigra retention rules we can store data on a longer term basis efficiently. Given that our client only realized after 38 hours that their file server had been infected by the virus, we needed to go back to that recovery point to identify and recover the encrypted files. The balance of time-based long term retention, local caching, granular file, and LAN speed recovery enabled us to easily create a restore job that pulled back all of the data quickly.
TS: Jason, what is the one piece of advice that you would provide to companies to prevent ransomware viruses from affecting their critical corporate data?
JR: Well, first I would recommend from a security perspective that organizations should implement additional protection by taking the necessary precautions to limit the access that employees have to data. In my experience, organizations will typically provide some employees – especially executives or, in the case of a legal firm, all of the partners – access to all the files and data across the entire organization. However, these individuals are not exempt from being affected by ransomware viruses. If one of these executives’ systems is affected by a virus the virus now has access to crawl all the servers and files within the organization. Employees, regardless of rank, should only have access to the data they need on a day-to-day basis to fulfill their role and responsibilities. Restriction of access to files should be enforced across the organization to limit the number of potential infection points.
Secondly, most IT teams or organizations focus on protecting their core file/Exchange servers, but they need to make sure that any server to which a user has file access is also protected. If a user can see a server, so can a virus – leading to infection! Our experience has shown that protecting application servers along with core file servers has been prudent when we have had to perform a recovery due to a virus outbreak.
Finally I would recommend that, if you do not have a data protection strategy in place that covers all of your data across your entire organization, you need to implement one today. Ransomware is not going away, and if it finds an infection point and starts crawling one system, it can weave a web throughout your entire infrastructure.
TS: Jason, thanks for your time today.
Don’t let your customers be a victim of data loss. Implement a comprehensive data protection solution that can protect all data sources across their entire organization to fight against present and future malicious malware attacks.
Have an experience you want to share – let us know. Or if you have customers affected by data loss as a result of Crytolocker, Crytowall, Locky or Ransomware, give us a call at 416-736-8111 ext. 1453 or [email protected] to discuss how we can help.