Press "Enter" to skip to content

Cyber-criminals encrypt schools’ on-prem backups and issue £1million ransomware demand

AN IT service provider’s advice to prioritise offsite data protection proved invaluable when a £1 million ransomware attack paralysed Haberdashers’ five schools in Monmouth, Wales.

Not only did cyber-criminals wipe out vital files belonging to pupils and staff, they also encrypted onsite backups held on disc and tape by a leading global provider of disaster recovery solutions.

Recovering that data would have been virtually impossible, had Haberdashers, not taken up a recommendation from ComputerWorld, the schools’ managed service provider, a few months earlier to deploy Redstor.

Storing backups in Redstor’s geographically separate data centres ensured there was an airgap between the schools’ live data and backups – and encrypting the data before it was sent to the data centre meant the ransomware was unable to execute and could not compromise the Redstor backup platform.

ComputerWorld had identified offsite data protection as an area of focus after engaging with the school earlier in the year.

Chris Burgess, the school’s account manager said: “It was important to ensure data would be safe in the event of a major hardware failure or ransomware attack.

“One of the key areas was speed of recovery for student and staff data, which is where Redstor really shines.

“ComputerWorld has a vast amount of experience when it comes to data protection and recovery, along with helping organisations recover from major incidents such as ransomware.

“The fact that we had implemented Redstor gave us added peace of mind that Haberdashers’ schools’ critical data was safe and easily recoverable.”

The ransomware found a way in through a domain admin account, spreading quickly through the main infrastructure, knocking out file servers and Exchange and SQL servers.

Cyber-criminals were demanding an initial £500,000, rising to £1 million after six days to unencrypt the data.

Fred Welsby, Director of IT at Haberdashers, recalled: “They had found all the devices and servers on the network, created a domain admin account and started trawling through our data to see what was valuable to us. There was nothing they couldn’t do.

“I came into work to find my engineer calling it ‘a disaster’. Nobody could log onto any computers.

“We did have another backup software on-prem – and one of the backup servers was on domain. That was fully encrypted, so they hit our backup systems as well.

“However, we were able to recover that server to the previous day with Redstor, so the loss of data was very minimal. The cloud backups were unaffected and were critical in restoring our systems.

“Had we not had a cloud backup system, we would have been with very limited services for a month or longer.

“We had 15TB protected by Redstor – and that was an absolute ‘godsend’. We could access files restored from Redstor within a few minutes once the restore had started.”

With InstantData™ – Redstor’s unique, user-driven streaming technology – there is no need to wait for a full recovery. Redstor gets users up and running at the click of a button by recovering massive systems seemingly in moments.

The ransomware attack followed a warning by the UK’s National Cyber Security Centre (NCSC) that there had been a spike in the targeting of schools, universities and colleges.

The Department for Education and the Government’s cyber-security arm became so concerned about the number of ransomware attacks affecting the education sector that the DfE sent out a circular, advising schools to review their defences urgently.

Haberdashers’ system was hit by sodinokibi, the ransomware variant that temporarily forced Travelex offline.

Fred recalled: “I was very relieved that we had decided to get Redstor and very happy with the support ComputerWorld provided during an incredibly difficult time.

“ComputerWorld helped us get our most important services back up and running very quickly – mainly email and Microsoft 365 authentication that was hosted on-prem, which enabled us to start teaching again.”

About Haberdashers’ Monmouth Schools: Monmouth School for Boys was founded by William Jones, a member of The Worshipful Company of Haberdashers, in 1613 during the reign of James I. The foundation now also supports Monmouth School for Girls, Monmouth School Girls’ Prep, Monmouth School Boys’ Prep and Monmouth Schools Pre-Prep & Nursery.

About ComputerWorld: ComputerWorld are specialist a consultancy focusing on Infrastructure Modernisation, Workspace Transformation and Security. Offering a wide range of services including procurement, managed services, architectural design and implementation as well as technical and IT application training.

About Redstor: Whether data is stored on-prem, in the cloud or in a hybrid environment, Redstor’s unique InstantDataTM technology provides on-demand access, streaming recoveries in real time to any device, making downtime a thing of the past.

With a smart, all-in-one, data management platform designed for the channel, Redstor ensures the customer experience is seamless and simple. Intuitive software makes data management quick and easy, while Redstor’s online training and marketplace, allows partners to accelerate their entire sales journey by onboarding, converting, provisioning and billing faster.

Partners can service customers from anywhere at any time through a single, web-based control centre and protect Microsoft 365 data as part of a client’s unified, automated, policy-driven data management strategy – while strong encryption takes care of security.

Trusted by more than 40,000 clients and 350 partners, UK-headquartered Redstor is available worldwide through a network of resellers. For further information please visit www.redstor.com.

Please follow and like us:

Be First to Comment

Leave a Reply

2020