Data encryption at exam finals time

A leading university faced a critical situation when its ESXi servers and virtual machines were encrypted by a cyber-attack. This incident coincided with a particularly challenging period, as it occurred during exam finals and the holiday season. Many students were using loaned devices and were off-campus, complicating communication and coordination efforts. The university decided against purchasing a ransomware decryptor, necessitating an alternative recovery strategy. Additional challenges included the university staff’s unfamiliarity with their IT environment and a lack of trust between domain controllers, further complicating recovery efforts.

Planning and implementing recovery strategy

To address these challenges, the university implemented a comprehensive recovery strategy which involved the support of Quorum Cyber. The university’s strategy comprised:

• Infrastructure Rebuild: The university rebuilt its ESX hosts using backups stored on Amazon Web Service (AWS), ensuring that critical infrastructure components were restored
• Expert Recovery Teams: Quorum Cyber’s team restored the university’s environment to enhance recovery efforts and ensure a thorough and efficient process
• Security Software Deployment: Enhanced endpoint security and monitoring capabilities were deployed across the university’s network.

An outstanding recovery

Through these targeted efforts, the university was able to achieve significant recovery milestones:

• Infrastructure Restoration: The rebuilding of ESX hosts from AWS backups allowed the university to regain control over its IT infrastructure, restoring essential services and systems.
• Collaborative Recovery Effort: The involvement of expert recovery teams facilitated a coordinated and effective response, demonstrating the importance of collaboration in crisis situations.
• Enhanced Security Posture: Improved the university’s security posture, providing greater protection against future threats.

The university’s swift and strategic response to the cyber-attack enabled the institution to overcome significant challenges during a critical time. By leveraging expert resources and prioritising infrastructure restoration, the university successfully navigated the recovery process, underscoring its commitment to resilience and the protection of its academic community.

Contact us if you would like to strengthen your organisation’s cyber security or cyber resilience.