
I thought I’d post a slightly different take on an experience I had several years ago in a previous role; sometimes even the good guys need some luck. We had recently taken on a new client and hadn’t had a chance to review their infrastructure. Unfortunately for them, everything was domain-joined and backed up locally to a NAS.

The client got hit by ransomware and it ran amok, encrypting the production VMs and, unfortunately for the client, also files stored on the NAS. This happened during the middle of the night and the client only noticed the next day when they turned up for work. Frantic calls followed to the help desk and the recovery effort started.

Initial response efforts found that the backup server was encrypted and it looked like the backup metadata was also affected. Upon further investigation, Lady Luck shows up. It appears that a number of the VBK files were being written at the time and were locked, so they were not affected.

We deployed a new VBR server and set about importing the VBK files, and luckily they imported fine. After a long and nervous weekend restoring everything, we had the client up and running. They suffered a few days of data loss, although this was better than losing everything.

While we got lucky this time, it goes to show how following the best practices is key and shouldn’t be overlooked, and in this situation following the 3-2-1 rule would have resulted in a much better outcome for the client.

Ah, yes! Glad you were able to recover ok Mark! Thanks for sharing your story, bud.


Wow! That was definitely Lady Luck on your side for that one. Hopefully this client then decided to follow the 3-2-1-1-0 rule and get more backups offsite. Great story Mark.


I’ll take luck any day of the week if it saves me from ransomware!

