Online in just 2 hours after cyberattack


Raymond Pacpaco
Apr 28, 2021

IT Live has Altus back online in just 2 hours after vicious ransomware cyberattack

Altus company profile
Founded in July 2016 by the union of two conglomerates, Fletcher Aluminium and NALCO™, AltusNZ LTD is New Zealand’s award-winning manufacturer and exporter of innovative designs in aluminium extrusions and window and door systems. Distributing products across local and international markets, AltusNZ has a rich history of providing market-leading innovations and business systems for the construction and industrial sectors.

Key challenges and business drivers

  • Altus was attacked by a major ransomware crypto virus that encrypted the company’s data, causing a total outage
  • The crypto attack encrypted files on an infected device, causing organisational and employee downtime
  • Altus received an online outage alert preventing access to their system
  • The company feared the ransomware would transfer to other machines
  • Altus were faced with the possibility of locked and unrecoverable files

Benefits delivered by IT Live

  • Efficiently determined the crypto attack, scale and scope of the infection
  • Rapid isolation of the infection preventing the virus from spreading across the organisation’s network
  • Guided resolution by forming an IT Live and Altus committee to enable rapid response and recovery
  • IT Live minimised downtime, getting Altus online and operational within two hours
  • Evaluated and recovered encrypted systems
  • Integrated the Hitachi Vantara backup and recovery solution with Veeam software, enabling IT Live to address the crypto attack in the shortest possible time
  • Resolved Altus’ outage in 2 days, typically a 6–12-month process, with minimal impact to users and business operation
  • Reported the attack for investigation to the International Criminal Police Organization (INTERPOL)

As Altus’ trusted IT&C consultants for over ten years, IT Live works with Altus as an IT support business partner offering strategic advice, server support and maintenance across the organisation’s IT infrastructure.

Deon Gresse, Infrastructure manager, Altus said, “At 5:05am on Tuesday, 28 October 2020, I received an outage alert preventing access to our system. With immediate suspicion we contacted IT Live who within 15 minutes determined that Altus was attacked by a major ransomware crypto virus which encrypted the company’s data, causing total outage. Our immediate priority was to protect our employees, the business and get the company fully operational and back online.”

Industry expert Dawid Sadie, Director, IT Live, knew the extent of the virus and led the IT Live team to act fast and disable all user accounts within 30 minutes. This included admin, hosts, and sites across the network, which eliminated the spread and mitigated damage beyond what the attack had already caused.

Dawid said, “Crypto attacks encrypt files on an infected machine, making them completely unrecoverable. To obtain the key which the attacker demands ransom in return, the compromised computer will attempt to transfer the virus to other machines and repeat this process. The most critical step is to immediately disable servers and isolate the network, before further analysis is initiated.”

Core to Altus’ business was protecting the Hyper-V environment. Out of 100 servers, 20 percent required recovery. IT Live’s strategy was to isolate each host, apply a security baseline, deploy antivirus software, and introduce Altus to the industry-leading backup and recovery solution, Hitachi Vantara.

With all hands on deck, Dawid and the IT Live team formed a steering committee in conjunction with Altus’ CIO, Mark Corboy, and IT Manager, Deon Gresse. The teams worked cohesively from the IT Live office to strategize and manage the situation effectively and efficiently.

Following protocol and with the ability to live stream to the storage server, IT Live created new domain administrator accounts with updated passwords and identities. Altus admins were back online within 2 hours, while IT Live continued to systematically run various AV and malware scanners to ensure servers were cleaned, and replaced the anti-virus systems.

Once identity servers were functioning, the restore and recovery process began. With Veeam software installed in Altus’ Disaster Recovery (DR) solution from IT Live’s prior engagement, IT Live could easily integrate and stream the Hitachi Vantara backup and recovery solution to the hypervisors, recovering the server in minutes.

Dicker Data, the region’s leading distributor of hardware, software, cloud and emerging technologies, worked with IT Live to design the best solution. Together they tailored and collaboratively designed Hitachi’s HCP for cloud scale and Veeam Scale-Out Backup Repository.

IT Live resolved Altus’ outage in two days, typically a 6 to 12-month process, with minimal impact to users and business operation. The Hitachi Vantara and Veeam backup and recovery solution is scalable, offers long-term data retention of virtual, physical and cloud-based workloads and is cost-effective. The solution was the catalyst to achieving fast and reliable backup, restoring business-critical applications and replication for Altus workloads.

Dawid said, “In our +/- 160 server environment crypto, the previously implemented Veeam and Hitachi solution strengthened and fast-tracked the recovery due to our ability to stream production servers directly from Veeam back to the production Hitachi storage. Every machine is now successfully recovered and backed up protecting Altus against subsequent crypto events.”

Today, ransomware remains one of the biggest threats to data globally with backup data a primary target for attacks. As the IT Live and Altus engagement continues, Hitachi Vantara and Veeam solutions remain active running test plans, audits, selected configurations, test methodologies, and processes to prevent, detect and mitigate cyber threats and ransomware attacks.

Deon Gresse, Infrastructure manager, Altus said, “What stood out the most was speed of recovery, minimal business and employee downtime, and IT Live’s ability to provide reassurance and complete transparency. We are on an ongoing security journey.”

Deon Gresse, Infrastructure manager, Altus, said, “IT Live is a true partner, with their finger on the pulse constantly adding value and finding new solutions to improve our security and IT infrastructure. We’re able to operate business as usual comfortably, knowing the IT Live team have our needs sorted.”

For more information or to speak to one of our sales team members, contact us today!

 
