Fortunately, this is a success story with a happy ending: the ransomware attack failed, with no data loss and no ransom paid. The company was able to restore the encrypted systems and data from backups on Pure Storage FlashBlade arrays.
Around 30 TB of data was encrypted
The attack took place in the first half of January and targeted servers that were unpatched and therefore vulnerable. The attackers started scanning for vulnerable servers on Jan 8 and attacked two days later. The company soon released patches to address the vulnerability, with the final patch being published on January 24.
DoppelPaymer's operators infiltrated around 148 machines with data from "around thirty small business customers", as Bretagne Télécom CEO Nicolas Boittin told LeMagIT.
The DoppelPaymer ransomware operators demanded a ransom of 35 bitcoins (~$330K) for decrypting the systems. Of course, the company restored the data itself and did not need the "decrypting services" offered by the attackers. Using the Rapid Restore feature of the Pure Storage FlashBlade arrays, Bretagne Télécom was able to restore all of the customers' data.
"We found the time when the attackers installed the scheduled encryption tasks. Once these tasks and the malware were removed, we were able to return to operational conditions."
"It is not the first time that this has happened to customers. But most of the time, they are self-managing, so we di ..