Ontrack Solves a Data Loss After A Cyber Incident

Written By: Ontrack

Date Published: 20 November 2024 7:26:59 AM

The Customer

A cyber-security consulting and technology integration company contacted Ontrack on behalf of their end customer, a manufacturer in the metallurgy industry that was the victim of a ransomware attack. A backup server was attacked, meaning the company lost access to critical backups related to its business in metal and pyrotechnic machines, ammunition and detonators.

The Situation

The client's HP DL380 server was encrypted, affecting 12 critical virtual machines running VMware ESX 6. During the initial stages of Ontrack's diagnosis, it was found that the LUNs storing the VMs were accessible, but the encryption had affected the virtual machines directly. Further investigation concluded that the ransomware had caused structural damage to the VMs, so the final deliverable offered by Ontrack was a data extraction from the virtual machines.

The client was asked to copy the required VMDK files to a healthy NTFS volume and provide that volume, to avoid potential issues caused by a damaged ReFS volume. In addition, due to the nature of the required data, Ontrack asked the client to provide the critical file paths of the folders containing the business applications required for recovery (Infor, AutoCAD, Vault).

The Solution

Ontrack engineers drew on their vast experience and a set of proprietary tooling developed over many years to work on the virtual machines and extract the data required by the client. A file listing of the two critical machines was presented to the customer only a few days after their initial enquiry. This was a complete list of the data available for extraction, with the status and condition of each file, right down through all folders to a granular file level. This allowed the client to choose some critical data to access for testing and to help with decision making for further extraction work.

The Resolution

After testing the data, the client reported that they were extremely happy with the results obtained by Ontrack and approved the full extraction of 3 of the 12 virtual machines. The data was delivered to the customer over the course of the following days, allowing them to work with an internal database engineer to get back up and running.

Ontrack also retained a backup of the recovered data after the completion of the recovery, for any additional required virtual machines while the restore on the client's side completes. The client also had another site affected and engaged Ontrack for additional recovery services after the completion of this project.

KLDiscovery Ontrack Pty Ltd, Suite 9, 28 Donkin Street, West End, Brisbane, QLD 4101, Australia