After a Failed Backup System and Ransomware Payment, Manufacturing Company Switches to Unitrends

If Unitrends had been their original backup solution, our client would have recovered in a single day. Instead, trying to recover with Barracuda meant they were down nine days. A Unitrends Partner

Unitrends Solution for A Midsize Manufacturing Company

Protected Environment
  • VMware virtualized servers
  • Physical servers
  • Machine controllers
  • Microsoft 365
  • Automatic ransomware detection
  • Rapid cloud data seeding
  • 90 day cloud data retention
  • Full DRaaS services

The Challenge

In 2019, an employee of a midsize manufacturing company based in Tennessee clicked on a phishing email and infected the company’s computing infrastructure with ransomware. The ransomware brought business to almost a complete halt. The cybercriminals demanded 2 bitcoin to unencrypt the data on each server, i.e., about $10,000 per machine. The company’s CIO called in their new IT technology partner, a Unitrends provider, to help in determining the best way to recover and ensure another infection does not happen. The company had been using a Barracuda appliance backing up to the Barracuda cloud, so they thought they were safe. However, when they tried to recover after the ransomware infection, there were several nasty surprises. “Not every file was being backed up, files had changed locations so even backups that were being performed were not successful, and restoring from Barracuda’s cloud was horrendous at best,” reported the Chief Operating Officer of the Unitrends Technology Partner.

“Because of the issues with Barracuda, we were forced to pay ransom on three critical servers and fortunately for the company the criminals kept their word and supplied files to decrypt the data.”

The Solution

The Unitrends Technology Partner began the recovery by examining alternatives. Due to the challenges with Barracuda’s backup failures, they reached out to the ransomware criminals and were surprised to get almost an enterprise-level communication. “They were using an internet language translation tool, as the English was odd, so we knew we were dealing with a foreign group,” said the CIO at the Technology Partner. “They responded to our communications around the clock, so it wasn’t just a guy in his basement. Because of the issues with Barracuda, we were forced to pay ransom on three critical servers and fortunately for the company the criminals kept their word and supplied files to decrypt the data.” The manufacturing company lost tens of thousands of dollars in ransomware payments, not to mention the lost time and productivity during the long recovery process.

The manufacturing company had purchased a Unitrends Recovery Series appliance just a week before, so it arrived in time to be part of the recovery operations. As files were slowly recovered from Barracuda, they were immediately backed up to the Unitrends appliance. “What was cool to see was that the automatic ransomware detection software in the Unitrends appliance was activated by the backups [that had been infected with ransomware], so the company now knows they are protected by a superior solution and the chances of another infection [in the backups] is much, much lower,” said the Partner CIO. This is critical since cybercriminals are known to reattack victims who have shown they will pay to recover their data.

A Midsize Manufacturing Company
This case study was provided by a Unitrends Partner and their client, a midsize manufacturing company in the southeastern United States. This story reveals how the actions of one employee caused a company-wide ransomware infection and losses amounting to thousands of dollars due to ransomware payments and lost productivity. Given these circumstances, the story is presented anonymously.

Follow Up

The manufacturing company, shortly after the ransomware recovery, lost a controller in a legacy storage array. Using their Unitrends Recovery Series appliance and the instant recovery feature, they were able to fully restore all their data in just a few hours. “If we were still using Barracuda it would have taken us days, not hours,” said the Partner CIO. The company also purchased 8TB of Unitrends cloud storage and Premium Unitrends Disaster Recovery-as-a-Service (DRaaS). This will ensure even faster recoveries in the future since their critical servers are now covered with a written guarantee of one-hour recoveries.