Androïde and StorageCraft Dial Back the Clock on Ransomware

March 18

Every business has a different set of needs. But there are two things a business of the 21st century can’t do without: IT systems and people. The lynchpin to an organization’s success is having the right people looking after their networks. Some have resources internally, but that’s not to say they can’t build a successful relationship with an IT partner.

The Actors

Groupe Somavrac Inc., a conglomerate of about 12 companies and distributor and wholesaler of chemical products in Quebec, Canada, was like many companies of its size. Groupe Somavrac has internal IT staff. However, it relies on a partner for many aspects of its IT needs, such as backup and disaster recovery.

Androïde has been serving Quebec businesses for 30 years, helping them as trusted advisors, systems integrators and service desk. As Jean-Francois Houde, Androïde’s director of service desk explains, Groupe Somavrac has now been a client for over 10 years. They recently needed Androïde onsite to lend a hand with a specific backup.

Groupe Somavrac was having problems with a vendor they used to back up a Microsoft server cluster hosted on VMware vSphere ESXi. The cluster was being backed up remotely to one main backup storage repository that held backups for multiple servers. The vendor's backups of the cluster consistently ran into issues and errors.

The solution Androïde proposed was StorageCraft ShadowProtect and StorageCraft ImageManager.

Androïde Client Is Hit with Ransomware

With ShadowProtect and ImageManager backing up servers offsite, everything was going smoothly. This was fortunate because it wasn’t long before Groupe Somavrac was hit with malware. As Jean-Francois explains, “They had an incident just before the holidays—Bitlocker was introduced into their network and it encrypted some files that were on the public folders.”

By now, many businesses have heard of Bitlocker, a member of a malicious family of ransomware that includes Cryptolocker and Cryptowall. The sole purpose of ransomware is to force unsuspecting companies to pay money to unseen criminals who propagate the virus. Bitlocker works by entering a company’s network and encrypting entire drives, effectively locking data and making it unusable. Bitlocker then starts a timer. If the business doesn’t pay a ransom before the timer ends, the files and folders can no longer be decrypted, and the data is useless.

Why Paying the Ransom Doesn’t Always Help

Businesses struck by ransomware that don’t have a backup are forced to make a choice: let the files be lost, or pay the ransom and hope the files are decrypted. But there’s a catch. For some businesses, there’s no recovering from this level of data loss. Here’s what you really need to know about paying a ransom:

  • One in five businesses that have paid the ransom report that the files are never actually decrypted.
  • Businesses that risk payment could lose a couple hundred dollars for the ransom and still suffer total loss of their data.

Because of Groupe Somavrac’s decision to have Androïde handle backups, Androïde had a third choice: recover from StorageCraft backups. Because a good backup strategy was already in place before Groupe Somavrac was struck by Bitlocker, there was a clean image of their systems as they were before anything went wrong.

StorageCraft, the Logical Resolution

According to Jean-Francois, this made recovery easy: “In just a few minutes, we were able to use a ShadowProtect backup to begin the restoration of the files needed to ensure critical services availability.” Groupe Somavrac got back what they needed, didn’t pay a ransom, and minimized the downtime caused by this incident.
