Architecture Firm Shares Its Ransomware Recovery Success Story

Nasuni’s file backup and recovery features helped thwart a ransomware attack against international architecture and engineering firm Leo A Daly.

A ransomware-infected malicious file encrypted about half of the files on the company’s network in 2016 following a successful phishing attempt, said Stephen Held, vice president and CIO of Leo A Daly in Omaha, Neb., which operates more than 30 offices and locations and employs hundreds of workers.

Nasuni’s recovery features allowed the team to quickly revert to pre-attack snapshots, Held said in an interview with SearchStorage and during a panel discussion at the recent CloudBound21, Nasuni’s virtual event.

“Once we stopped it, we spent a lot more time diagnosing [if] we stopped him and [if we] understood the attack,” he said. “The actual restoration process was pretty simple.”

Held’s IT team eventually discovered that the infected file, triggered by a phishing expedition, invaded the network within hours of the attack. Shortly after the attack was quarantined, the team was able to begin the restoration process due to Nasuni’s frequent release, Held said. After the initial evening vigil against other security compromises, most backups restored files to versions from minutes before they were compromised, Held said.

Throughout the week, as employees realized that additional files had been encrypted or were themselves victims of the original phishing attempt, Held and his team were able to quickly restore those users as well.

“The hardest part is deciding where you want your restore point to be,” Held said. “Ours was pretty obvious. We had to go back to the first file encryption. We were able to experience small rollbacks over the next few days as we saw more infected machines.”

Data accessibility is key

Leo A Daly uses Nasuni for more than backup and protection. The cloud file storage system allowed the company to reduce its overall data center footprint by reducing locations to a single appliance with 2TB local cache and storing the majority of its files on Microsoft Azure. Previously, the team maintained a local server with local storage and backup storage at all 30 Leo A Daly sites.

Held said his overall IT plan for the company, particularly when signing with Nasuni in 2016, was to reduce potential issues such as network outages due to turbulent weather by relying on localized geolocations for file storage.

“This approach allows us to mitigate a lot of the risk you would have faced before,” he said, noting that other offices around the world have gone offline due to winter storms and other dangerous weather conditions.

At the time, his department needed to refresh its on-premises storage for the second time in five years due to ever-increasing file sizes from design programs such as AutoCAD and Autodesk Revit. Additionally, the appliance backups were processed manually using Microsoft Robocopy.

“We grew much faster than expected,” Held said. “I was looking for a way out of this rat race.”

Held explored a few competing vendors’ products, but chose Nasuni because of his organization’s need for lower-cost, on-premises storage caching devices.

“We were looking to reduce our footprint, reduce data redundancy and increase the speed at which our studios received updated information,” he said.

But it was the data accessibility features that sold Held on Nasuni. They ensured data accessibility if other appliances on the network were offline and even if a node failed, a problem that another vendor he considered at the time could not handle.

“Have a [node] log out and it forces them all into unreachable mode? It didn’t work for us,” he said.

Since Leo A Daly became a customer, Nasuni has worked hard to implement many of Held’s requests into the product. The vendor’s new Global File Acceleration feature, which speeds up multi-site file synchronization, has dramatically reduced the time it takes for a new file or folder to appear on the network. New files could sometimes take up to 30 to 45 minutes to appear, but now take a minute and a half on average, Held said.

Chasing the remote office

Held ultimately wants nearly all office work to be done remotely, though some of the more heavy-duty applications retain the need for desktop computers and other physical computing power.

“I’m looking for what we call a virtual office,” he said. “Remote desktops are great, but you have a bunch of seated desktops and we haven’t quite achieved that geographic independence at all of the sites we use.”

Tim McCarthy is a journalist living on the North Shore of Massachusetts. He covers cloud and data storage news.