Ransomware Recovery – Veeam Agent for Windows
A health care customer was affected by a ransomware attack that not only targeted their server data, but also “Veeam Agent for Windows” backups located on an external HDD. Their IT / managed services provider agreement did not include regular off-site backups, so this was the only copy of the data that existed.
The customer was able to send the affected HDD to Ontrack, where an image of the drive was taken to preserve the original state of the customer media.
Ontrack engineers assessed the damage to the affected Veeam backup files and identified that partial recovery would be possible as the files had not been fully encrypted, meaning there was a chance that some data could be recovered from within the files. However, it was determined that the version of Veeam used was newer than Ontrack could support with current tools and required development assistance.
With a global engineering presence, as well as internal development teams that maintain and improve our proprietary tools, Ontrack was able to research, develop and implement support for the new version quickly. In fact, much of the time-intensive research required had already been completed for similar jobs seen in our European offices. This allowed Ontrack developers to quickly and efficiently modify tools to the level required to be able to support this restore scenario. Rather than building out a fully-fledged tool, Ontrack engineers were able to use the improved version of the tools to complete searches for required structures to allow them to manually rebuild internal components critical to the recovery of data from within the file.
Ontrack Reclaims Animation Tape for Christchurch Production Company After Earthquake
Around midday on 22nd February, 2011 an Orly animator got up from his desk to return the company’s animation LTO to its secure data storage safe. The tape held all of the company’s animation output for the past twelve months. Ross Beck, Managing Director of Orly Productions explains, “The material on the LTO is essentially the blueprint for a year’s worth of projects. We store it on the LTO for future reference by our clients and ourselves so if they need to be used again we can draw the material from that back-up file. It’s a pretty important part of our business.”
As the animator approached the data safe he realized that other staff and a client were working nearby. Rather than intrude he placed the tape on top of the safe and decided to lock it away later. It was an unfortunate decision because, as Beck notes, “Within the hour the earth moved.” At 1pm a massive 6.3 magnitude earthquake rocked Christchurch causing immense loss of life and extensive damage throughout the city.
tape was a back up. However as life began to get back to normal the Orly team pondered the animation tape. Orly had two LTO machines but one had been damaged and they was reluctant to try the tape in the other. No one wanted to take the risk of causing any further damage to the tape or the machine.
Complex VSAN Data Recovered
Ontrack Retrieves Lost Images for Photographer
“The first time was a couple of years ago when I was using a relatively new external drive,” Bredberg explains. “All the images on it had already been given to clients but in this particular case, I hadn’t yet backed up every single file for my own records. When the drive started to fail I was faced with the loss of a number of client images.”
Although the projects had been completed and clients were already in possession of the photos, Bredberg knew it was imperative he obtain new copies of the images if at all possible. After all, maintaining the images is part of the service his clients have come to expect. At the same time, he was unwilling to approach clients to ask them to provide copies of the missing files. “It would have been too unprofessional,” he admits. The only alternative was to try to retrieve the files from the drive.
Bredberg had seen other colleagues recover from similar situations with the help of Kroll Ontrack, “I’d always been told that Ontrack is very good at what they do and that the sooner Ontrack gets the drive, the better the success of recouping the files. So as soon as I realized the drive was failing I stopped using it and sent it straight to Ontrack,” he says.
end, Ontrack did manage to get it all back for me.”
Ransomware attacks server – backup tapes erased
A ransomware attack of a company server encrypted the Microsoft Dynamics 365 data and demanded payment. Recent backups of the server were stored on multiple LTO-6 backup tapes, which had been erased by the malware.
After assessing the extent of the ransomware attack, Ontrack representatives identified the company’s backup tapes as the best option for data recovery—even though the malware had erased them. 23 LTO-6 backup tapes from the backup library were sent to the Ontrack office in Böblingen, Germany. Working in conjunction with the R&D department in the United Kingdom, Ontrack developed a custom solution to recover the data from the erased backup tapes.
Ontrack was able to restore 46TB of data from 18 of the LTO-6 tapes. Due to the type of attack on the tapes, Ontrack had to repair the logical damage, shipping the data and tapes separately back to the customer.
Ransomware VBK Recoveries on Tape - Server & NAS Systems
The attacked volume was originally also used to back up data to LTO8 tapes at regular intervals. Most of these backup tapes were also in the tape library at the time of the incident and were quickly formatted by the attackers. However, the customer was able to save an original unformatted tape with a fairly old backup date, which was then completely restored to the now empty Windows volume with a total of 6 TB. Only then was Ontrack commissioned to examine data recovery options. The HP server DL380 with the 55 3TB hard disks were transported to Ontrack in Böblingen Germany.
During the diagnosis, a large number of the searched VEEAM vbk files were successfully found on the Windows volume with Ontrack Tools and 27 records were extracted according to a priority list. The restore of the LTO8 tape partially overwrote some of the data sets and damaged the backup files.
A large part of the data could still be repaired and extracted in several steps.
Later on, 19 significantly older LTO8 quick formatted tape backups were successfully recovered from the ransomware attack as well. The attack also affected numerous European sub offices of the customer. Here were predominantly QNAP NAS systems in use which had stored virtual VMs under VMware, including backup VMs that were partially deleted or internally reformatted with another file system. Ontrack was also able to successfully restore complete backup data in 90% of the seven cases ordered.
Lost Data - What's next?
Meet Doug, Director of Client Services from ViewLift, a digital content distribution technology company located in the NoHo neighborhood of New York City. Doug experienced both a computer crash and an operating system that was wiped clean, and found himself asking those exact questions.
After some initial research and numerous referrals from computer retail and repair businesses, including a local Apple retail store that said it no longer performed data recovery work, Doug found answers to all his questions at the uBreakiFix store in Greenwich Village.
The uBreakiFix team introduced him to Ontrack, the global leader in data recovery. The in-store team talked Doug through his data recovery options and explained the process.
“I really didn’t have a preconceived notion of what uBreakiFix actually did. I thought that they were only a cell phone repair store, but they do much more,” said Doug. “The experience was great, the prices were fair and it was great to know that when I walked in the store I was greeted by the staff in an friendly manner—and in New York that is not always the case.”
No one ever plans for data loss, but when it does happen you need to know who to trust to provide a fair price and phenomenal customer service. Doug is confident that if he does experience a data loss of any kind, he knows the Greenwich Village uBreakiFix store will be there to help.
Accidental Deletion of Virtual Machines Results in 15TB Lost.
An accidental deletion at a large wireless provider causes a massive loss of email databases.
The wireless carrier stored all of their Microsoft® Exchange databases spread across 24 separate 2TB LUNs on an EMC® VNX 5400 using VMware® virtual machines. It was also set up so each database had a mirror copy on a different LUN. All of the virtual machines were accidentally deleted resulting in the loss of email for the entire company.
New tools made recovery from highly specialized EMC® Isilon® big data storage possible.
The “lost files” were mostly raw data gathered from chemical analysis in ongoing laboratory research work. The firm, together with EMC support, was able to recover 90 percent of the data using a standard rebuild process. To recover the desperately needed remaining files, Ontrack was contacted by the customer for help. Ontrack worked with the EMC support in order to get detailed information on the situation.
Ontrack is assisted by NetApp’s technology to solve a ransomware infection.
Ontrack Successfully Recovers Data from iPhone 5.
Partnering with EMC Creates New Tools for Recovery of 10 TB of Data.
Due to the Copy-On-Write system used by Isilon OneFS, the engineering team at Ontrack was able to find many copies of the deleted file metadata in the unallocated portions of the volume. They extracted 120,000 business critical files which were accidentally deleted and returned them back to the customer.
Double disk failure of RAID 5, and all patient data is gone.
Hospital databases rescued from ransomware.
Ontrack Provides Database and Backup Restores After a Flood.
Missing Dell® EqualLogic™ LUNs Recovered via Remote Data Recovery.
Ontrack recovers over 230 million files from Commvault database.
German service partner turns to Ontrack to recover business and personal data from external RAID drives.
A marketing freelancer based in Switzerland entrusted all of their business and personal data to two RAID drives attached to their Apple Macintosh and asked their IT service partner for help when the data disappeared. The partner called on Ontrack to provide specialist engineering skills and know-how to fix the problem.
24 terabytes of data recovered from RAID 6 array with newly developed toolset.
Unfortunately, the system failed to rebuild the data after two hard disk drives failed resulting in the loss of access to 24 terabytes of highly critical data. The organization approached the experts at Ontrack for help.
The Ontrack developers quickly created the tools needed to improve the success of the recovery. After only a few hours, the first virtual machine was rebuilt allowing for the extraction of the Exchange databases to be returned to the customer. The team continued to rebuild all of the critical virtual machines until the client’s email was back in production. At the end of the project, a total of 15TB of data was recovered with minimal downtime for the client.