BCS Quickly Restores Its Largest Manufacturing Client’s Critical Operations After a Ransomware Attack With Datto Continuity

No matter how robust an organization’s security mechanism is, a few attacks sneak past the defense. Even one small mishap can send a ripple effect across the entire digital ecosystem of an MSP, enabling bad actors to access the critical machines in their client’s network. As soon as that happens, it’s essential to get back on your feet as quickly as possible.

However, this recovery procedure is an ordeal. Most companies take around two to three weeks to be up and running again, especially after a ransomware attack. This is often an indication of a clear lack of usage of on-site backup and recovery solutions and full cloud options among MSPs that can make data recovery fast and hassle-free.

BCS sought an advanced solution that covered all the business continuity and disaster recovery (BCDR) needs of an MSP. Additionally, they were looking for a solution whose business model dovetailed nicely with their managed services business.

When a daring ransomware attack hit one of its clients, BCS was able to act quickly and provide efficient data backup and recovery with the assistance of Datto — helping the client’s business return to normal in no time. BCS utilizes Datto Unified Continuity and SaaS Protection, with around 90% of their clients using some form of Datto solution.

On July 12, 2022, a client was exposed to a spear phishing incident. Within 48 hours, a PowerShell script execution resulted in the remote pushing of Black Basta ransomware to servers listed in the active directory. BCS immediately removed global routing from the network, thus preventing the spread between locations and within the site between network segments. BCS utilized on-site Datto virtual machine (VM) disk backups for rapid restoration of backup images to servers.

Datto Support was engaged to help restore numerous VMs. Every single server got restored quickly, and production was up and running in approximately 72 hours. Restoration of every workstation and server was completed in under two weeks. The client’s environment was completely restored in about two months, compared to the industry norm of six months to a year.

According to Craig, these unprecedented feats were largely achieved due to the use of Datto Unified Continuity.

On-site air-gapped backups can be crucial in combatting any ransomware attack. Datto incorporates this feature in its Unified Continuity suite and offers service for all server backups.

As Craig says, “We used Datto for all server backups in this recent ransomware incident. This allowed us to have VMs restored on top of the Datto devices before the actual physical servers were cleared from forensics.”