
Restoring critical data in three days following a cyberattack

The Challenge

In Q3 of 2024, the CEO of a UK-based bank received an email from a ransomware group, informing him that the bank's data had been encrypted and would be released on the dark web unless a ransom demand was paid. Although several insurers and consultants were engaged to resolve the situation, the slow response times made it clear that an alternative approach would be needed.

Finally, in order to minimise the resulting downtime and resume operations as soon as possible, without giving in to the criminals' ransom demand, the organisation engaged Exponential-e to restore and secure their critical servers. With even the shortest period of downtime resulting in serious financial and reputational damage, a team of incident response specialists immediately began the restoration process, aiming to have the bank's systems back online in days rather than weeks.

The Solution

The restoration process began with a thorough audit of the IT ecosystem to establish which servers had been impacted, after which the affected VMs were powered down. A new, fully isolated VDC was created to store these VMs once they were recovered, along with a completely new firewall zone.

With the affected servers restored into this new VDC zone, firewalls were established to allow for the most basic access, after which malware scans were conducted. These scans continued for two days, during which the customer was granted initial access to the servers via a temporary SSL VPN with Azure MFA, allowing them to resume operations in just three days.

At this point, Zerto replication was set up for the new VMs, while Exponential-e simultaneously engaged with the third party that was conducting a forensic investigation. 

Connectivity was soon re-established for the customer's other offices, at which point users were brought back online. Firewall logs were provided for the forensic team, along with initial access to VM images via vCloud Director.

Finally, a test rebuild of the affected VMs was conducted and finalised within two days, and additional firewall policies established.

Exponential-e has repeated variations of this process for multiple other organisations affected by ransomware attacks, allowing them to resume operations as quickly as possible and ensure their critical infrastructure is secured against future attacks. 

The Result

Ongoing communication between all parties involved, including a dedicated team of incident response specialists at Exponential-e with a defined action plan, ensured a seamless restoration process. Day-to-day operations resumed in just seven days, without paying the criminals' ransom demand.

Don't wait for a crisis to expose the cracks; fortify your defences today. Discover how expert response turned seven days of chaos into operational recovery.

Is the NHS 10 Year Plan fit for the future when it comes to cyber security?

The recently released NHS 10 Year Health Plan is part of the Government's mission to build a health service fit for the future. It sets out how the government will reinvent the NHS through three radical shifts: hospital to community, analogue to digital, and sickness to prevention.

'Frictionless' shopping and the rebirth of the high street

We've been hearing about the impending demise of the high street for years now, ever since online shopping and click-and-collect established themselves as part of our day-to-day lives. And yet, while brick-and-mortar retail has certainly been through a great many challenges and upheavals, it doesn't show any sign of going away quite yet. Rather than simply expecting customers to be content with previous generations' shopping experiences, the sector has demonstrated considerable ingenuity by taking full advantage of emerging technologies to deliver the kind of personalisation that would previously have been the sole preserve of online platforms.

Smart spaces and the new guest experience - rethinking the network’s role in hospitality

Across the Hospitality & Leisure sector, from pubs to five-star hotels, guests' expectations have evolved in ways that would have been impossible to imagine just a decade ago.

Tackling cyber security blind spots in healthcare

For many Chief Information Security Officers (CISOs), the first challenge isn't stopping a breach, it's knowing where the breach could even happen. Healthcare IT estates are some of the most complex and fragmented in the public sector.

Reflecting on the 2025 BSA Conference - Modernising the Mutual

Having returned from the BSA Conference 2025, it was clear that building societies are navigating a critical juncture - balancing their relationship-led service models while addressing the urgent need to modernise outdated systems and improve operational efficiency. Given the current geopolitical climate, and the increasing pace of innovation, developing a strategy that not only solves immediate challenges, but offers sufficient scope to tackle future issues, can often seem like a moving target.

NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked

The UK's National Cyber Security Centre (NCSC) has warned the IT helpdesks of retailers to be on their guard against bogus support calls they might receive from hackers pretending to be staff locked out of their accounts.

Why Legal firms are the natural home of hybrid Cloud infrastructure

Although digital transformation amongst Legal firms has typically been slow compared to other sectors, the journey has picked up speed over the course of the last decade.

Offering clients the ultimate peace of mind – a new approach to security and remediation for legal firms

Although the sector as a whole has traditionally been comparatively wary of the ever-increasing pace of technology, legal services are increasingly data driven, with an abundance of AI-related discussion emerging within legal technology circles. The core Document Management Systems (DMS) and Practice Management Systems (PMS) remain the centre of focus for how and where to deploy a variety of rapidly maturing SaaS platforms, or dedicated, highly customised suites.

The new breed of seamless, secure cashflow emerges: Ensuring your organisation is prepared for the payments revolution

We make payments, large and small, every day of our lives. From paying our bills and making payments to friends online, to the large-scale bank transfers that help business flow. Money changes hands through a wider range of channels and platforms than ever before, to the extent the days of cash-in-hand being the default payment model are a fading memory for many of us. The convenience and flexibility can't be disputed, but as with any emerging technology, the new flows of data must be given careful consideration, ensuring businesses and customers alike can rest assured that their money will remain secure throughout every stage of every transaction.

Preparing for DORA: What do these new regulations mean for finance and insurance firms?

When it comes to insurance and financial services, the ability to offer clients peace of mind is the key to ensuring the sector's continued longevity. Cyberattacks are evolving in frequency and sophistication, with criminals selecting progressively more ambitious targets, and even minor IT outages, whether they're caused by human error or 'acts of God', will have a serious effect on firms' operations, negatively affecting both profitability and brand reputation. With this in mind, firms must reconsider the way they approach operational resilience, particularly regarding the way access rights for critical systems and data are managed.

UK Government proposes ransomware payment ban for public sector

The UK government has proposed extending its ban on ransomware payments to cover the entire public sector in an attempt to deter cybercriminal attacks and protect taxpayers.

£3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack

A UK firm has been hit by a £3.07 million fine after being hit by a ransomware attack that exposed sensitive data related to almost 80,000 people, and disrupted NHS services.

Leveraging pioneering SASE technology with Gartner’s 2024 Magic Quadrant™ Leader, Cato Networks

Secure Access Service Edge (SASE) is rapidly establishing itself as the solution of choice for the next generation of enterprise networks, where optimal control, visibility, and scalability are essential. In the first quarter of 2024 alone, the SASE market experienced a 23% surge, as more and more organisations began taking advantage of its capabilities.

A new model for technology partnerships in the Hospitality & Leisure sector

The Hospitality & Leisure sector is inherently people-focused, with the personal touch making all the difference to guests' experiences. But, as we have already discussed on this blog, the multiple lockdowns in response to COVID-19 have forced the entire sector to adopt new ways of engaging with guests, utilising next-gen smart technology to deliver truly bespoke experiences and streamlined access to a wide range of services.

Developing a new breed of security to suit the new ways in which we consume content

The way in which we consume content has changed forever. Physical media and prescheduled TV and radio have rapidly given way to the convenience, accessibility, and range offered by streaming services. Independent content creators share the digital stage with the most well-established industry leaders, and numerous organisations have embraced the mantra that 'content is king', utilising online video as a key tool for building engagement with their prospects and customers.

Ransomware-hit vodka maker Stoli files for bankruptcy in the United States

Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame.

The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the Kentucky Owl bourbon brand it purchased in 2017, was hit by a ransomware attack in August 2024.

Laying the foundation for a successful network transformation

Despite the numerous interconnected elements now involved in effective digital transformation, the network remains the foundation of everything, ensuring any investment in new technologies delivers the best possible ROI, and that teams at all levels are empowered to deliver their very best, 24 / 7. As such, the digital transformation journey must always begin with a full network transformation.

Wherever you are in your network transformation journey, is it time to consider SASE?

From start-ups to global leaders, across the public and private sectors, organisations' ongoing growth and brand reputation rises or falls based on the quality of their networks. As a result, network transformation is a growing priority, with IT leaders looking to replace cumbersome legacy systems with flexible, scalable, and secure connections that support tomorrow's highly dynamic workflows.

'Big-game hunting' - Ransomware gangs are focusing on more lucrative attacks

2024 looks set to be the highest-grossing year yet for ransomware gangs, due - in no small part - to emboldened cybercriminals causing costly disruption at larger companies.

The so-called 'big-game hunting' cyberattacks, which target larger, higher-value organisations, have contributed to US $459.8 million paid to cybercriminals in the first six months of 2024, according to a report by the cryptocurrency research firm Chainalysis.


Although the money criminals have generated through ransomware has risen by what may appear to be a small percentage amount (approximately 2% from US $449.1 million to US $459.8 million), this is in spite of disruption caused to ransomware-as-a-service operations such as LockBit and ALPHV/BlackCat by law enforcement agencies.

The figures for the first half of 2024 include the US $75 million reportedly paid to the Dark Angels ransomware gang by an undisclosed Fortune 50 company, in what was believed to be the largest ever single ransom payment made since records began.

The ballooning size of maximum ransom payments represents a 96% year-on-year growth from 2023, and a 335% increase from the maximum payment made in 2022.

Chainalysis's research reveals that the median ransom payment made in response to the most severe ransomware has rocketed from just under US $200,000 in early 2023 to US $1.5 million by mid-June 2024.

The researchers believe that this 7.9x increase in the typical size of ransom payment (a nearly 1200x rise since the start of 2021) suggests that larger businesses and critical infrastructure providers are considered more likely to agree to make higher payments due to their greater access to funds and the more significant impact of downtime.

Against this backdrop, the study claims that ransomware victims are giving in to extortion demands less often. As it explains:

Posts to ransomware leak sites as a measure of ransomware incidents have increased YoY by 10%, something we would expect to see if more victims were being compromised. However, total ransomware payment events as measured on-chain have declined YoY by 27.29%. Reading these two trends in tandem suggests that while attacks might be up so far this year, payment rates are down YoY. This is a positive sign for the ecosystem signalling that perhaps victims are better prepared, negating the need to pay.

In short, ensuring that your organisation is prepared to respond to a ransomware attack is essential.

Many organisations underestimate the importance of having a robust incident response plan. But knowing how to respond, especially in those critical first 48 hours after a cyber attack, can be critical.

Do you worry your company won't know how to recover after a cyber attack? Has your business just been hit by ransomware and you're wondering what to do?

There's still hope.

Don't make the mistake of believing that your organisation will never be targeted. The right approach is to take proactive measures in advance - as it's not a case of whether your business will suffer the likes of a ransomware attack but when.

Make sure to read Exponential-e's step-by-step guide on ransomware remediation.
