In recent days we have been working tirelessly for a client who had been hit by malware, and unfortunately it was ransomware.
Every single file was lost, as well as their whole Exchange server, meaning they had lost their email. They had also lost their SQL Server backups, and the last offsite backup was from the previous year. In essence, they had lost their business at that point.
The first we heard was through a Gmail email from the IT department asking us if we had access to a data recovery expert as the services they had sought out seemed to be similar in approach to Ransomware!
We immediately introduced Travis Carter of Retrac, who by invitation had spoken at the SAP User Group, ISUG, alongside Phil Meyer from Microsoft on Security for SAP Business One environments. Travis had assisted one of our clients, who had been delighted and very much relieved! This is a great link to their work: https://www.retrac.com.au/
Restoration of services
The immediate plan was to provide email capabilities and to ensure a cyber security plan was in place, more on this later. Within a few hours, they had Office 365 up and running and we asked LiveApps to provision a SAP Business One environment which CloudFactory SAP Support made available as a mirror site copy.
There seemed to be good news on the horizon, as the IT team had extracted a specific and current backup which, whilst showing a standard SQL error, was documented by Microsoft, so we set about attempting to restore. No matter which way we turned, the error persisted and must have been related to the ransomware or the way the file had been extracted; we couldn’t get to the bottom of that. We were able to restore the backup from the previous year, but this was a hollow and worrying victory. We knew it and could hear it in the customer's voice.
Then, out of the blue, their ever-tenacious in-house team managed to access a storage device that had detected a threat and had immediately shut down. As they couldn’t access it, no more was thought of it, until they tried again! This backup device contained a further backup (in the “good old days” IT enforced a Grandfather-Father-Son backup policy*). Our support team advised the restore policy and it worked!!! There were celebrations everywhere and much relief!
How did this happen: Cyber Security
Next steps to security?
CloudFactory Support Comment: We recommend off-site backups that are not placed on the network.
If it weren’t for the tenacity of our client's IT team, we simply don’t know what might have happened; we can only guess... Ransomware attacks have increased by 20% and happen every 11 seconds, so don’t think it can’t happen to you. I take this from a well-regarded security company: reduce your IT attack surface, detect malicious activity and behaviours, and create a strategic recovery plan to ensure your organisation’s operational resiliency.
In simple words, "attend to security policies and keep operating successfully".
*Grandfather-father-son backup is a common rotation scheme for backup media, in which there are three or more backup cycles, such as daily, weekly and monthly. The daily backups are rotated on a daily basis, the weekly backups are similarly rotated on a weekly basis, and the monthly backups on a monthly basis. In addition, quarterly, half-yearly, and/or annual backups could also be separately retained. Often some of these backups are removed from the site for safekeeping and disaster recovery purposes. If you are relying on a fire-proof safe, ensure its capabilities and don’t buy the least expensive, but that’s another story from the history files of the support team!
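The rotation described in this footnote, as an added illustration (not CloudFactory's or the client's actual policy). The retention counts, the use of Sunday and the first of the month as the weekly and monthly points, and which tiers are kept off the network are all assumptions. It also reports the age of the newest off-network copy, which in the incident above was a year.

```python
from datetime import date, timedelta

# Assumed retention counts per tier; the page does not specify any.
LIMITS = {"daily": 7, "weekly": 4, "monthly": 12}

def gfs_tier(d):
    """Assumed mapping: 1st of month = grandfather, Sunday = father, else son."""
    if d.day == 1:
        return "monthly"
    if d.weekday() == 6:  # Sunday
        return "weekly"
    return "daily"

def gfs_retain(backup_dates):
    """Return {tier: [dates to keep, newest first]}; everything else rotates out."""
    kept = {tier: [] for tier in LIMITS}
    for d in sorted(set(backup_dates), reverse=True):
        tier = gfs_tier(d)
        if len(kept[tier]) < LIMITS[tier]:
            kept[tier].append(d)
    return kept

def newest_offline_age(kept, offline_tiers, today):
    """Days since the newest retained backup in a tier stored off the network.

    Returns None when no tier is off the network, i.e. every copy is reachable
    by whatever compromises the network.
    """
    offline = [d for tier in offline_tiers for d in kept[tier]]
    return (today - max(offline)).days if offline else None

# Constructed sample: one backup per day for 400 days, ending on TODAY.
TODAY = date(2024, 3, 15)
SAMPLE = [TODAY - timedelta(days=i) for i in range(400)]

if __name__ == "__main__":
    kept = gfs_retain(SAMPLE)
    for tier, dates in kept.items():
        print(f"{tier:8} keep {len(dates):2}  newest {dates[0]}  oldest {dates[-1]}")
    # Assumption: only the monthly media leave the site.
    age = newest_offline_age(kept, ["monthly"], TODAY)
    print("newest off-network copy is", age, "days old")
```

The age figure is the data that would be lost if only the off-network copies survived, so it is worth alerting on when it exceeds what the business can tolerate.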
Cloud Factory is an ERP specialist, helping you implement ERP systems such as MYOB Advanced, SAP Business One, Microsoft Dynamics 365, Microsoft Dynamics 365 Business Central, Wiise, PowerPlatform and Korber K.Motion Warehouse Edge.