4th of July Nightmare

 

Exactly one year ago today we received a frantic call from a locksmith in Providence. They had returned from the long weekend and discovered that they could not access any files on their server.

We sent a tech to investigate, and he found that the server had been encrypted by ransomware. It most likely happened because they left Remote Desktop ports open on their firewall so they could remote into the server from home. The ransom that the hackers demanded was $10000!

They did have a Carbonite Server Safe backup that had been installed by a prior IT company, and the technician’s plan was to restore the server from that backup. First, he tried to recover from the local hard drive that was plugged into the server, but that did not work, as that drive had been encrypted by the malware as well.

He then downloaded the image from the Carbonite cloud and initiated a recovery, but ran into an issue with the software not recognizing the flash drive that the image was downloaded to. He contacted Carbonite support and was first helped by their level one support; they could not help him, however, and escalated him to level 2. Level 2 could not solve the issue either, and he was then escalated to level 4. Now 4 hours had gone by, and it was decided that the technician was going to take the server with him to continue the recovery at the shop.

Once at the shop, Carbonite’s level 4 was able to get the software to recognize the drive, and the backup could be initiated. The restore was successful, but unfortunately it was a lengthy process and we had to bill the company for $2500 once everything was said and done.

Although the recovery was a success, we do not recommend and don’t use Carbonite for our managed clients. We only use Datto’s BCDR solutions, either the Alto or the Siris devices, depending on the size of the server we are backing up. The security and the speed of recovery of these solutions are why we prefer and insist on using them with all our clients that have on-premise servers.

So how is your server backed up?
