Case Study – AirMarine recover from ransomware with Vitanium

AirMarine are a multi-million pound international shipping and freight forwarding agent based next to Heathrow airport. AirMarine manage thousands of movements worldwide every year, working in partnership with hundreds of clients. Operating to the code of conduct guidelines of the British International Freight Association (BIFA), the ethos of AirMarine is one of integrity, reliability and partnership in working with their clients' business. Accordingly, they take full responsibility for client consignments as if they were their own.

AirMarine have been a customer of Vitanium since 2003, using Mailhive email filtering, email continuity and Datahive offsite backup products.

The Challenge

AirMarine were subject to a ransomware attack on some of their in-house servers, rendering their systems locked and inaccessible. Due to the time-critical nature of their business, they needed to be up and running as soon as possible, but had not previously fully considered the effect of Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) upon their data protection strategy.

Despite their proximity to a transport hub as large as Heathrow, AirMarine were at the time only able to obtain ADSL connectivity into their office. The poor bandwidth available limited the amount of data which could be restored quickly over the Internet.

The Solution

Vitanium worked on a solution of two parts for AirMarine: firstly, to get them up and running from the existing attack as quickly as possible; and secondly, to provide them with a review of their data protection policy and to recommend any changes for better protection going forwards.

AirMarine used the Datahive product for cloud and local backups of their file data, Exchange databases and brick-level emails, along with SQL backups of their freight management system. Full system backups were handled by their IT company using an alternative product (BackupExec) to back up to tape.

As soon as Vitanium were aware of the attack, we began preparing all of the data backed up in the cloud with Datahive to be sent to the customer by USB drive. The drive was with the customer the day after notification and proved invaluable: the IT company were unable to rebuild the servers from the alternative product, so they rebuilt the servers from scratch before restoring all the data quickly from USB.

During the downtime our Email Filtering and Continuity service allowed AirMarine to respond to emails as normal.

Once AirMarine were up and running, Vitanium recommended that Veeam be set up on site to protect the production VMs and allow restoring at any level (full VM down to granular files). On learning the customer intended to upgrade their connectivity to a 100Mbps leased line, we recommended the addition of Veeam Cloud Connect to handle the offsite backups for a full protection strategy.

Vitanium were able to consult on the configuration required for Veeam, perform the initial setup and ongoing monitoring of backup jobs for a complete protection setup.

Vitanium also recommended the Panda Adaptive Defense EDR product to replace their legacy antivirus product, which was due for renewal and had missed the initial ransomware attack.

Result

AirMarine now have an advanced protection policy with their critical systems backed up with a market-leading product, allowing quick and efficient restores at any level should the need arise in the future.

Their RTO and RPO have been fully considered and significantly reduced, for a minimal business impact should any incidents occur in the future.

Active protection against future attacks has also been provided with the addition of Panda Adaptive Defense, which prevents execution of unknown executables within their network.

AirMarine are very happy with the result and can sleep easy at night knowing they are fully protected by their partnership with Vitanium.