Architecture firm shares ransomware recovery success story

The architecture firm Leo A Daly executed a successful ransomware recovery using the Nasuni cloud file system. It also used Nasuni to move storage off premises and into the cloud.

Nasuni's file backup and recovery features helped foil a ransomware attack against international architecture and engineering firm Leo A Daly.

A rogue file infected with ransomware encrypted about half of the files across the company's network in 2016 following a successful phishing attempt, said Stephen Held, vice president and CIO at Leo A Daly in Omaha, Neb., which operates more than 30 offices and sites and employs hundreds of workers.

Nasuni's recovery features enabled the team to quickly revert to snapshots before the attack, Held said in an interview with SearchStorage and during a panel discussion at the recent CloudBound21, Nasuni's virtual event.

"Once we stopped it, we spent a lot more time diagnosing [if] we stopped it and [if we] understood the attack," he said. "The actual rollback process was pretty simple."

Held's IT team eventually found the infected file, which was triggered by a phishing expedition, had taken over the network the immediate hours following the attack. Soon after quarantining the attack, the team was able to begin the restoration process due to the frequent versioning by Nasuni, Held said. After the initial evening vigil against further security compromises, Held said most of the backups restored files to versions from minutes before being compromised.

Throughout the week, as employees realized additional files had been encrypted or fell to the original phishing attempt themselves, Held and his team were able to quickly restore those users as well.

"The hardest part is deciding where you want your restore point to be," Held said. "Ours was pretty apparent. We had to get back to the first file encryption. We got to experience small restorations over the next several days as we experienced more machines being infected."

The hardest part is deciding where you want your restore point to be.
Stephen HeldVice president and CIO, Leo A Daly

Data accessibility is critical

Leo A Daly uses Nasuni for more than just backup and protection. The cloud file storage system has enabled the company to shrink its overall data center footprint by reducing locations to just a single appliance with a 2 TB local cache and storing a majority of its files on Microsoft Azure. Previously, the team maintained a local server with local storage and backup storage at all 30 Leo A Daly sites.

Held said his overall IT plan for the company, especially when signing up for Nasuni in 2016, was to reduce the potential issues such as network outages due to turbulent weather from relying on localized geolocations for file storage.

"This approach allows us to mitigate a lot of the risk you would have experienced before," he said, noting other offices across the globe have gone offline due to winter storms and other dangerous weather.

At the time, his department needed to refresh its on-premises storage for a second time within five years due to the ever-escalating file sizes from design programs such as AutoCAD and Autodesk Revit. Additionally, appliance backups were processed manually using Microsoft Robocopy.

"We were growing much faster than we predicted," Held said. "I was looking for a way out of that rat race."

Held explored products from a few competing vendors but chose Nasuni due to his organization's need for some on-premises storage caching appliances and lower cost.

"We were looking to reduce our footprint, reduce the data redundancy and increase the speed with which our studios received updated information," he said.

But it was the data accessibility features that sold Held on Nasuni. They ensured data accessibility if other appliances on the network were offline and even in the case of a node outage, an issue that another vendor under consideration at the time couldn't manage.

"To have one [node] go offline and that forces them all into inaccessible mode? Didn't work for us," he said.

Since Leo A Daly became a customer, Nasuni has worked to implement several of Held's requests into the product. The vendor's new Global File Acceleration feature, which expedites multi-site file synchronization, has helped significantly reduce the time it takes to generate a new file or folder on the network. New files could sometimes take up to a 30 to 45 minutes to appear, but now take a minute and a half on average, Held said.

In pursuit of the remote office

Held eventually wants almost all office work to be remote, even if some of the heavier applications keep the need for desktops and other physical compute horsepower.

"I'm in pursuit of what we call a virtual office," he said. "Remote desktops are great, but you have a bunch of desktops sitting around and we haven't quite reached that geographic independence on all the sites we use."

Tim McCarthy is a journalist living in the North Shore of Massachusetts. He covers cloud and data storage news.

Dig Deeper on Cloud storage

Disaster Recovery
Data Backup
Data Center
and ESG