To recover from a ransomware attack that had infected 90 percent of the company’s systems within 24 hours.
Running a global logistics and shipping network requires a very reliable IT infrastructure backed by a disaster recovery solution – and that’s what this organization has.
The company’s U.S. head office has a fully virtualized VMware environment running on a Hewlett Packard Enterprise 3PAR storage array. Its environment supports critical applications and data, including the user profiles and files of the company’s staff members, IBM Notes email servers, and virtualized Windows-based desktop systems running on Citrix.
However, even the most robust IT environments can be tested by ransomware, which is what recently happened to this organization. From a single infected file, a ransomware attack spread across 90 percent of the company’s servers within 24 hours.
“Users started calling in, saying they couldn’t access their apps or find their data,” said a systems analyst at the company. “So, when we looked into it, sure enough data was missing or not accessible. There were errors coming up left, right, and center.”
The team soon identified the issue – but not before the email servers had gone down, affecting staff productivity and, more crucially, communications between the company and its clients.
The ransomware was able to self-replicate rapidly by creating a new administrator-level user. “We later found that numerous other attacks occurred the same time as ours,” said the systems analyst.