ALTUS AND THE CRYPTO VIRUS

Posted: May 23, 2022

 

WHEN LONGTIME CLIENT, ALTUS NZ, WAS ATTACKED BY A MAJOR VIRUS, THE IT LIVE TEAM WERE INSTANTLY ON HAND AT JUST AFTER 5AM TO ENSURE ALTUS NZ WAS IN THE FIRST INSTANCE PROTECTED AND THEN BACK IN BUSINESS AS SOON AS POSSIBLE.

 

 

As Altus’ trusted IT&C consultants for over ten years, IT Live works with Altus as an IT support business partner offering strategic advice, server support and maintenance across the organisation’s IT infrastructure.

Deon Gresse, Infrastructure Manager at Altus, said, “At 5:05am on Tuesday, 28 October 2020, I received an outage alert preventing access to our system. With immediate suspicion we contacted IT Live who within 15 minutes determined that Altus was attacked by a major ransomware crypto virus which encrypted the company’s data, causing total outage. Our immediate priority was to protect our employees, the business and get the company fully operational and back online.”

Industry expert Dawid Sadie, Director of IT Live, knew the extent of the virus and led the IT Live team to act fast and disable all user accounts within 30 minutes. This included admin, hosts, internet and sites across the network, which eliminated the spread and mitigated damage beyond what the attack had already caused.

 

“Crypto attacks encrypt files on an infected machine, making them completely unrecoverable. To obtain the key which the attacker demands ransom in return, the compromised computer will attempt to transfer the virus to other machines and repeat this process. The most critical step is to immediately disable servers and isolate the network, before further analysis is initiated.”
Dawid Sadie, IT Live

 

Core to Altus’ business was protecting the Hyper-V environment. Out of 160 servers, 40 percent required recovery. IT Live’s strategy was to isolate each host, apply a security baseline, deploy antivirus software, and introduce Altus to the industry-leading backup and recovery solution, Hitachi Vantara.

With all hands on deck, Dawid and the IT Live team formed a steering committee in conjunction with Altus’ CIO, Mark Corboy, and IT Manager, Deon Gresse. The teams worked cohesively from the IT Live office to strategize and manage the situation effectively and efficiently. Following protocol and with the ability to live stream to the storage server, IT Live created new domain administrator accounts, with updated passwords and identities. Altus admins were back online within 2 hours, while IT Live continued to systematically run various AV and malware scanners to ensure servers were cleaned, and replaced anti-virus systems.

Once identity servers were functioning, the restore and recovery process began. With Veeam software installed in Altus’s Disaster Recovery (DR) solution from IT Live’s prior engagement, IT Live could easily integrate and stream the Hitachi Vantara backup and recovery solution to the hypervisors, recovering the server in minutes.

Dicker Data, the region’s leading distributor of hardware, software, cloud and emerging technologies, worked with IT Live to design the best solution. Together they tailored and collaboratively designed Hitachi’s HCP for cloud scale and Veeam Scale-Out Backup Repository.

Typically a 6 to 12-month process, Altus’ outage was resolved by IT Live in two days, with minimal impact to users and business operation. The Hitachi Vantara and Veeam backup and recovery solution is scalable, offers long-term data retention of virtual, physical and cloud-based workloads and is cost-effective. The solution was the catalyst to achieving fast and reliable backup, restoring business critical applications and replication for Altus workloads. Dawid said, “In our +/- 160 server environment crypto, the previously implemented Veeam and Hitachi solution strengthened and fast-tracked the recovery due to our ability to stream production servers directly from Veeam back to the production Hitachi storage. Every machine is now successfully recovered and backed up protecting Altus against subsequent crypto events.”

Today, ransomware remains one of the biggest threats to data globally with backup data a primary target for attacks. As the IT Live and Altus engagement continues, Hitachi Vantara and Veeam solutions remain active running test plans, audits, selected configurations, test methodologies, and processes to prevent, detect and mitigate cyber threats and ransomware attacks.

 

“What stood out the most was speed of recovery, minimal business and employee downtime, and IT Live’s ability to provide reassurance and complete transparency. We are on an ongoing security journey. IT Live is a true partner, with their finger on the pulse constantly adding value and finding new solutions to improve our security and IT infrastructure. We’re able to operate business as usual comfortably, knowing the IT Live team have our needs sorted.”
Deon Gresse, Infrastructure Manager

 

KEY CHALLENGES AND BUSINESS DRIVERS:

  1. Altus NZ was attacked by a major ransomware crypto virus that encrypted the company’s data, causing a total outage
  2. The crypto attack encrypted files on an infected device, causing organisational and employee downtime
  3. Altus received an online outage alert preventing access to their system
  4. The company feared the risk of ransomware transfer to other company machines
  5. Altus were faced with the possibility of locked and unrecoverable files

 

BENEFITS DELIVERED BY IT LIVE:

  1. Efficiently determined the crypto attack, scale and scope of the infection
  2. Rapid isolation of the infection preventing the virus from spreading across the organisation’s network
  3. Guided resolution by forming an IT Live and Altus committee to enable rapid response and recovery
  4. IT Live minimised downtime getting Altus online and operational within two days
  5. Evaluated and recovered encrypted systems
  6. Integrated the Hitachi Vantara backup and recovery solution with Veeam software, enabling IT Live to address the crypto attack in the shortest possible time
  7. Typically a 6 to 12-month process, Altus’ outage was resolved by IT Live in 2 days, with minimal impact to users and business operation
  8. Reported the attack for investigation to The International Criminal Police Organisation (INTERPOL)
