Databack - Récupération de données
Request a quote
THE BLOG

Databack success stories: data recovery on HPE SimpliVity, a first!

Our Databack team was recently asked to recover data from a hyperconverged infrastructure. Contacted by a consulting firm partnering with our laboratory, we intervened on behalf of their customer, a company that had suffered a ransomware attack on their HPE SimpliVity system.

HPE SimpliVity: hyperconvergence and IT resilience

In 2017, Hewlett Packard Entreprise (HPE) is offering HPE SimpliVity, ahyperconvergence solution designed to give IS the agility of the cloud with on-premises governance, while reducing operating costs. Based on the principle of “hyperconverged” architecture, it combines computing, storage and storage area network (SAN) resources into a single system (or “node”), managed by VM (virtual machine).

This system integrates backup and protection functions to speed up data recovery operations. HPE SimpliVity thus enables high availability, the implementation of demanding BCPs and DRPs, and rapid disaster recovery. Like any hyperconverged infrastructure, it is expected to minimize business interruptions and offer high IT resilience in the event of ransomware infection…

Case study: ransomware attack on HPE SimpliVity

However, the Databack team was recently called in for a data recovery operation on HPE SimpliVity. Despite the resistance and resilience of hyperconverged infrastructures, the IS of an SME in eastern France was severely hit by a ransomware attack. The culprit: LockBit 3.0, one of today’s most active ransomware programs, of Russian origin and available as a RaaS (Ransomware as a service) version.

At the time, the SME’s HPE SimpliVity production infrastructure consisted of 4 synchronized nodes (or hyperconverged infrastructures). The company also had a backup server managed by Veeam Backup & Replication, designed to secure virtual infrastructure data and ensure business continuity.

And despite the solidity of its IS, the company saw the Lockbit ransomware infect all its infrastructures, hyperconverged as well as backup servers. When we were contacted by our partner on behalf of their customer, we found an SME in a desperate situation, as the on-site service provider could only observe the extent of the damage.

Data recovery on 80 VMs through reverse engineering

The success of this highly improbable attack made our HPE SimpliVity data recovery operation a first! The Lockbit ransomware had impacted the company’s entire administrative function and production departments. With its business paralyzed, the SME was forced to put all its employees on short-time working. The stakes were therefore high…

The first step was to establish a joint diagnosis with the consulting firm, on-site technicians and our crisis unit. The HPE SimpliVity production infrastructure and the SME’s backup server were infected, so our objective was to restore 80 VMs (virtual machines)!

In line with our protocol for recovering data from ransomware attacks, the hardware was repatriated from IT within the day, so that our crisis unit could intervene as quickly as possible. The particularity of our intervention was the need to proceed by reverse engineering, in close collaboration with the manufacturer HPE, in order to develop a suitable solution to recover the data. And after several days of hard work, our technicians succeeded in restoring the virtual machines essential to the company’s recovery.

The expertise and perseverance of our teams enabled us to limit the impact of a ransomware attack that could have been catastrophic for the survival of this SME. And it would be hard not to take a certain pride in what was the first case of data recovery on an HPE SimpliVity hyperconverged infrastructure…

24 May 2023
Back to blog

list of latest articles

KEEP IN TOUCH

SUBSCRIBE TO OUR NEWSLETTER

By entering your email address, you agree to receive the Databack newsletter. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the content. You can consult our privacy policy to find out more.
Databack Linkedin