Databack - Récupération de données
Request a quote
THE BLOG

Databack success stories: ransomware and data recovery

Ransomware still occupies a large part of the cybercriminal landscape. Indiscriminately targeting administrations and companies of all sizes, they hold your data hostage in order to extort money from you. Never give in! Databack explains why…

Ransomware attacks companies and government agencies

The resurgence of ransomware continues unabated over the years. A very real cyberthreat to both public and private structures, ransomware evolves over time, adapting and gaining in both power and complexity.

Ransomware targets companies of all sizes, from VSEs/SMEs to GEs and large corporations, as well as government agencies and public bodies. While all structures are concerned, attacks are adapted to their targets: ransom demands are generally proportional to the size of the targeted structure.

As a data recovery company, Databack is a privileged witness to this state of affairs. Our engineers and our laboratory enable organizations to deal with the various attacks they may fall victim to: data encryption using cryptoviruses, encryption-free attacks, and so on.

Case study 2020: ransomware attack on a government agency

Among the many ransomware attacks handled by Databack, one of the most noteworthy occurred in the first half of 2020: we intervened on behalf of a public authority (a metropolis in south-eastern France) which had been completely paralyzed by a large-scale attack.

Contacted by the CIO (Director of Information Systems) to assess the extent of the damage and contamination, we carried out an inventory of the incriminated equipment. The conclusion was clear: all sectors of the administration’s IS (Information System) were affected.

The extortion software attack initially affected the virtualization layer of servers running VMware and Hyper-V systems. More seriously, it had also reached the content of the virtual machines and directly affected the data. Veeam backup systems, dedicated to VMware and Hyper-V environments, were also corrupted.

recovery ransomware attack company

Databack intervention: dealing with this ransomware attack

To counter the ransomware attack as quickly as possible, a crisis unit was set up. In less than 12 hours, we proceeded to collect the most important physical computer servers for laboratory intervention.

Our expertise in recovering data from ransomware attacks enabled us to quickly relaunch the most critical applications. However, the sheer volume of data per server meant that we had to make some choices: in agreement with the IT department, we planned a data recovery program based on the criticality of the data.

SQL Server, Oracle, etc. databases corrupted by the attack could in some cases be partially recovered. Our knowledge of these file formats enabled us to extract tables by content, and integrate them into new databases.

And in the end, after several weeks of hard work… over 90% of the data was recovered!

This data recovery scenario will undoubtedly go down as one of Databack’s greatest successes. Although delicate, complicated and demanding, countering ransomware and recovering contaminated data always represents a huge reward for our teams, as long as the result is worth the work!

22 July 2020
Back to blog

list of latest articles

KEEP IN TOUCH

SUBSCRIBE TO OUR NEWSLETTER

By entering your email address, you agree to receive the Databack newsletter. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the content. You can consult our privacy policy to find out more.
Databack Linkedin