Rescued MS SQL database from encrypted virtual backup on QNAP

Feb 24, 2023

The Client

Construction company

Challenge

A leading high-tech incubator construction company suffered a ransomware attack. The attack was quickly detected and the customer shut down their systems immediately, but their systems and backup had already been encrypted. Chances of recovery were rated very low.

The virtual backup was stored on a QNAP NAS with 4 TB hard disk drives. The most critical data to restore was their Content Management Construction Database, with a couple of SQL databases running on a specific virtual machine. This VM and the specific MDF and LDF files were inside the virtual backup file encrypted by the cybercriminals.

Solution

The customer consulted support to check if the damage could be fixed, but the virtual backup file could not be extracted.

Ontrack Data Recovery engineers discussed possible next steps during a free consultation and explained the breakdown of work required for the case. On approval, Ontrack imaged the drives and emulated the RAID. They scanned and analyzed the volume and found that the virtual file was partially overwritten.

With tools developed in-house, Ontrack data recovery specialists were able to scan and rebuild virtual file structures and show the requested virtual machine.

It turned out the overwrite also damaged the content inside the VM itself. Ontrack extracted data from the VM and analyzed the critical database, then performed a database repair.

Result

With the knowledge of all the different data layers, Ontrack successfully secured the critical database files.

The customer imported the database into Microsoft SQL Server and cleaned it up with the help of the application manufacturer. Finally, the customer got their construction CMS system up and running again.