Cyberattack on VMware Datastore and Virtual Backups

Friday, February 24, 2023

Challenge

The customer was the victim of a cyberattack. Fortunately, the unusual activity was detected in a timely manner and the network was taken offline quickly. Even so, all primary VMs were compromised, and access to the virtual machines that held the virtual backups, which ran on the same VMware infrastructure, was lost. OEM support for the 110 TB NAS system was able to reverse the factory reset of its configuration, but the backup files themselves could not be restored.

VMware support confirmed that the data had been corrupted by the attack. After almost four weeks without data, the customer was in a critical situation, and it was at this point that they consulted Ontrack's data recovery experts.

Solution

The 64 hard drives of the customer's NAS system were carefully packed and shipped the same day; a courier brought the shipment from Southern Europe to Ontrack's German office in Böblingen.

Because of the complex, layered configuration of the data, Ontrack's data recovery engineers set up a multi-stage recovery process:

1. Consultation
The Ontrack team partnered with the customer's team to determine the scope of the data loss and which individual storage systems were affected. Based on a priority list and the established scope, Ontrack created a project plan, set timing expectations, and determined the data recovery costs.

2. Diagnosis
Ontrack's data recovery experts used proprietary tools to access the customer's four different RAID configurations and their LUN setups. They also examined the storage layers above them: the VMware Datastore and several corrupted 20 TB+ VMs containing the virtual backups.

3. Data Recovery
For many of the virtual disk files, the internal file system and zones had to be rebuilt. Beneath that layer, large Windows Dynamic Disks also had to be reassembled before the customer's actual file data could be reached. Given the number of storage layers involved, Ontrack's data recovery experts performed extensive analysis, which resulted in the recovery of the complete backup files as well as the VMware VMDK files and all snapshots. Once complete, the data was immediately copied to password-protected external media and returned to the customer by courier.

Result

The customer had spent significant time on various recovery attempts; when these proved unsuccessful, desperation set in. Within a week of engaging Ontrack, they felt a sense of relief as the first file lists of the most important virtual machines were made available and the first data was restored. Thanks to the diligence, experience, and speed of our technicians, combined with the capabilities of Ontrack's labs, an unprecedented data recovery solution is now available to all Ontrack customers hit by cyberattacks.