Redstor proves its worth as cyber-criminals encrypt schools’ on-prem backups and issue £1 million ransomware demand
An IT service provider’s advice to prioritise offsite data protection proved invaluable when a £1 million ransomware attack paralysed IT at Haberdashers’ five Monmouth schools in Wales.
As well as wiping out vital files belonging to pupils and staff, cyber criminals encrypted onsite backups held on disc and tape by a leading global provider of disaster recovery solutions, making data recovery from them virtually impossible.
Fortunately for Haberdashers, a few months earlier it had followed the advice of its managed service provider ComputerWorld and deployed Redstor to store backups in the company’s geographically separate data centres.
Because data is encrypted before being sent to the data centres, the ransomware couldn’t execute and was unable to compromise the Redstor backup platform, enabling Haberdashers to recover servers to the previous day’s state, with minimal loss of data.
Haberdashers’ problems started when Sodinokibi, the ransomware variant that temporarily forced Travelex offline, found a way in through a domain admin account and quickly spread through the main infrastructure, knocking out file servers and Exchange and SQL servers.
“They had found all the devices and servers on the network, created a domain admin account and started trawling through our data to see what was valuable to us. There was nothing they couldn’t do,” explained Haberdashers’ director of IT Fred Welsby.
“I came into work to find my engineer calling it ‘a disaster’. Nobody could log onto any computers. Teachers and pupils had no access to any of our services, databases or email systems. Basically, it was back to paper and pencil.
“We did have another backup software on-prem – and one of the backup servers was on domain. That was fully encrypted, so they had hit our backup systems as well.”
To decrypt the data, the cyber-criminals were demanding £500,000, rising to £1 million after six days.
The ransomware attack on Haberdashers followed a spike in attacks on schools, universities and colleges identified by the UK’s National Cyber Security Centre (NCSC) and warned about by the Department for Education in a circular urging schools to review their defences.
This is something that Haberdashers had done earlier in the year on the advice of ComputerWorld, which had recommended offsite data protection by Redstor to ensure the safety of data in the event of a major hardware failure or ransomware attack.
Chris Burgess, the school account manager at ComputerWorld, said: “ComputerWorld has a vast amount of experience when it comes to data protection and recovery, along with helping organisations recover from major incidents such as ransomware. The fact that we had implemented Redstor gave us added peace of mind that Haberdashers’ schools’ critical data was safe and easily recoverable.”
As it turned out, this confidence was well placed, as Fred Welsby explains.
“We had 15TB protected by Redstor – and that was an absolute ‘godsend’. The cloud backups were unaffected and were critical in restoring our systems. Had we not had a cloud backup system, we would have been with very limited services for a month or longer,” he said.
In the event, Haberdashers was able to access files restored from Redstor within a few minutes of the restore starting, thanks to Redstor’s user-driven streaming technology, InstantData, which lets users access files without having to wait for a full recovery.
Welsby added: “I was very relieved that we had decided to get Redstor and very happy with the support ComputerWorld provided during an incredibly difficult time.
“ComputerWorld helped us get our most important services back up and running very quickly, mainly email and Microsoft 365 authentication that was hosted on-prem, which enabled us to start teaching again.”