Ransomware Recovery – Veeam Agent for Windows
A health care customer was affected by a ransomware attack that not only targeted their server data, but also “Veeam Agent for Windows” backups located on an external HDD. Their IT / managed services provider agreement did not include regular off-site backups, so this was the only copy of the data that existed.
The customer was able to send the affected HDD to Ontrack, where an image of the drive was taken to preserve the original state of the customer media.
Ontrack engineers assessed the damage to the affected Veeam backup files and identified that partial recovery would be possible as the files had not been fully encrypted, meaning there was a chance that some data could be recovered from within the files. However, it was determined that the version of Veeam used was newer than Ontrack could support with current tools and required development assistance.
With a global engineering presence, as well as internal development teams that maintain and improve our proprietary tools, Ontrack was able to research, develop and implement support for the new version quickly. In fact, much of the time-intensive research required had already been completed for similar jobs seen in our European offices. This allowed Ontrack developers to quickly and efficiently modify tools to the level required to be able to support this restore scenario. Rather than building out a fully-fledged tool, Ontrack engineers were able to use the improved version of the tools to complete searches for required structures to allow them to manually rebuild internal components critical to the recovery of data from within the file.
Ontrack supports an IT service provider to ensure its end-customer can access legacy backup tapes
An IT service provider had to guarantee access to the legacy backup tapes of a new end-customer from the insurance industry.
The end-customer needed to have access to data on a large number of 3592 and 3592/JA tapes for a period of five years, in order to comply with data retention and governance regulations. The backup tapes had been created using Tivoli Storage Manager, however the end customer did not want to incur the costs of maintaining this environment for a five year period for infrequent backup tape restore requests.
Ransomware attacks server – backup tapes erased
A ransomware attack of a company server encrypted the Microsoft Dynamics 365 data and demanded payment. Recent backups of the server were stored on multiple LTO-6 backup tapes, which had been erased by the malware.
After assessing the extent of the ransomware attack, Ontrack representatives identified the company’s backup tapes as the best option for data recovery—even though the malware had erased them. 23 LTO-6 backup tapes from the backup library were sent to the Ontrack office in Böblingen, Germany. Working in conjunction with the R&D department in the United Kingdom, Ontrack developed a custom solution to recover the data from the erased backup tapes.
Ontrack was able to restore 46TB of data from 18 of the LTO-6 tapes. Due to the type of attack on the tapes, Ontrack had to repair the logical damage, shipping the data and tapes separately back to the customer.
Ransomware VBK Recoveries on Tape - Server & NAS Systems
The attacked volume was originally also used to back up data to LTO8 tapes at regular intervals. Most of these backup tapes were also in the tape library at the time of the incident and were quickly formatted by the attackers. However, the customer was able to save an original unformatted tape with a fairly old backup date, which was then completely restored to the now empty Windows volume with a total of 6 TB. Only then was Ontrack commissioned to examine data recovery options. The HP server DL380 with the 55 3TB hard disks were transported to Ontrack in Böblingen Germany.
During the diagnosis, a large number of the searched VEEAM vbk files were successfully found on the Windows volume with Ontrack Tools and 27 records were extracted according to a priority list. The restore of the LTO8 tape partially overwrote some of the data sets and damaged the backup files.
A large part of the data could still be repaired and extracted in several steps.
Later on, 19 significantly older LTO8 quick formatted tape backups were successfully recovered too.The attack also affected numerous European sub offices of the customer. Here were predominantly QNAP NAS systems in use which had stored virtual VMs under VMware, including backup VMs that were partially deleted or internally reformatted with another file system. Ontrack was also able to successfully restore complete backup data in 90% of the seven cases ordered.
Accidental Deletion of Virtual Machines Results in 15TB Lost.
An accidental deletion at a large wireless provider causes a massive loss of email databases.
The wireless carrier stored all of their Microsoft® Exchange databases spread across 24 separate 2TB LUNs on an EMC® VNX 5400 using VMware® virtual machines. It was also set up so each database had a mirror copy on a different LUN. All of the virtual machines were accidentally deleted resulting in the loss of email for the entire company.
Ontrack is assisted by NetApp’s technology to solve a ransomware infection.
Ontrack Successfully Recovers Data from iPhone 5.
Hospital databases rescued from ransomware.
Ontrack Provides Database and Backup Restores After a Flood.
Missing Dell® EqualLogic™ LUNs Recovered via Remote Data Recovery.
24 terabytes of data recovered from RAID 6 array with newly developed toolset.
Unfortunately, the system failed to rebuild the data after two hard disk drives failed resulting in the loss of access to 24 terabytes of highly critical data. The organization approached the experts at Ontrack for help.
The Ontrack developers quickly created the tools needed to improve the success of the recovery. After only a few hours, the first virtual machine was rebuilt allowing for the extraction of the Exchange databases to be returned to the customer. The team continued to rebuild all of the critical virtual machines until the client’s email was back in production. At the end of the project, a total of 15TB of data was recovered with minimal downtime for the client.
Data loss in paradise.
When Uprising Beach Resort in Fiji experienced a problem with their RAID configured server, they knew that they had to act quickly.
Uprising Beach Resort’s IBM server with a RAID 5 comprising of 5 SCSI hard drives failed. When the hard drives arrived at the Brisbane Cleanroom it was found that one of the mirrored operating drives had failed with internal mechanical faults. The second OS was also reporting bad sectors. Ontrack took the three hard drives that constituted the data volume, imaged the hard drives and rebuilt the RAID.
The client originally contacted VMware for support.
According to Alfred Christoffersen, manager of Uprising Beach Resort, the server contained every single record of their operations since the day that they opened. “We did have an external backup” explains Christoffersen, “but it was a month out of date. Restoring it was not an option because it would not have had the last months’ worth of data and reservations - we could have reentered a lot of the missing data manually but it would have taken weeks and we didn’t have that kind of time.” Uprising Beach Resort contacted Datec Fiji Limited who Christoffersen described as being Fiji’s biggest and best IT company. Datec Fiji Limited are a part of Ontrack’s Authorised Partner network, and after working on the server for 8 hours, they referred the case to Ontrack. “I called Ontrack after their business hours and got through to an automated voice service. I left a message and within 30 minutes, Adrian Briscoe, the Managing Director, called me back” says Christoffersen.
German service partner turns to Ontrack to recover data for customer facing loss of business and personal data from external RAID drives.
Four terabytes of data recovered from flood damaged HP EVA SAN.
Important hospital databases rescued after ransomware attack.
Ontrack supports the team.
Ontrack helps market-leading UK & European insurance company reduce archive costs by approximately 85%
An enterprise backup and archive storage provider wanted to assist it’s third party client - a marketleading UK insurance company - reduce the costs of their legacy archive storage facilities whilst maintaining restoration capabilities.
The end client was seeking to reduce the costs of maintaining a restore capability for its legacy archived data, which cost approximately £3.5 million over seven years just to maintain a restore capability.
The client then asked their new archive storage provider to seek out a way to help bring this cost down whilst maintaining the ability to restore and extract data from the legacy tapes, as these were not compatible with the new archive storage provider’s systems and required the proprietary software. The archive storage provider contacted Ontrack with their dilemma; so that they could progress with the sale of the modern archive system with a solution for maintaining the accessibility of the legacy archive tapes.
Ontrack helps a UK leading IT company recover over 60 VMs.
An IT company with data centre facilities in Europe and USA and supporting almost 2 million customers.
Accius® case study -don’t let your cloud burst.
Accius was quickly connected to Ontrack using their proprietary Ontrack® Remote Data Recovery™ (RDR®) process. The RDR engineer was able to repair the damaged cloud storage volume and recover the critical data.
“Ontrack responded quickly to our call for help and also understood that we needed to restore the data quickly to safeguard Accius’ reputation. Ontrack really understands the data recovery business and as one of only a few companies with the expertise to recover data from the cloud, Ontrack will be our first port of call should we require their services in future.”
A global pharmaceutical company wanted to ensure all data could be restored from 5,000+ tapes with suspected water and corrosion damage.
The company needed to establish whether to restore just the definitely water-damaged tapes or others also as the condition of the tapes was not known. They turned to Ontrack for advice on how to proceed.