'Here's one real-life example from a few months back, when one large enterprise company suffered an attack from such ransomware – which caused an extended outage and made the news. This company used two backup solutions: half of their environment was backed up by Veeam, and another half by a well-known enterprise backup competitor – so this is why we know these details through our account team (but since they are under NDA, I will not share any names). The customer has also carried out a detailed attack investigation through a third-party security company, which particularly analyzed the ransomware in question. That ransomware, on top of actually encrypting the production data, was also designed to track down all popular cyber-security and backup software, disable its services and delete all configuration data – so, both of the backup infrastructures were completely obliterated in a matter of seconds. This included not only disabling and deleting all services, but also wiping configuration databases and backup catalogs. And the ransomware did a great job, because the entire production infrastructure was a smoking crater before the customer could do anything. The good news was that actual backups did survive the attack, because the servers they were hosted on were not compromised – and this is where the most interesting part starts.'

Thanks #AntonGostev for sharing that real-life example.