The attack took place over a weekend; in fact, the ransomware had already been on the company’s system for some time; the ransomware managed to target 100 virtual machines that were hosted on a Windows X86 server.
This was a large-scale attack targeted specifically at the company. REvil used an RDP port, which is a port for remote access. The operation of the company was not completely affected, because the main servers were not hit by the attack, the servers that were hit were secondary.
The ransom demanded by the group was 2 million reais, which the company refused to pay and began searching for an alternative solution to the payment and, among the solutions found, RansomHunter stood out from the rest for its differentials and its free advanced diagnostics, which could completely map the encrypted data.
Soon after the advanced diagnosis, with the company’s endorsement, we immediately started the recovery. This case was extremely complex, what would normally be done in up to 10 days, was done in 30 days due to the high volume of encrypted data that was stored in different Virtual Machines.
But even this complexity couldn’t stop our experts, who worked tirelessly to recover the files, using the help of Trace, a proprietary technology, without which the recovery would have taken months. After the process, 100 per cent of the encrypted data was recovered.
This is just one case of the hundreds we have handled, and we have satisfied customers all over the world.
