A medium-sized German company in the engineering sector became a victim of a highly sophisticated attack by the Fog ransomware group. With a strong presence in the market, this company faced an attack that severely compromised its IT infrastructure.
The criminals accessed the network through critical vulnerabilities exploited in the client’s environment, allowing the attackers to directly affect essential systems. The ransomware group responsible for the attack was aggressive, encrypting critical data such as NAS servers, virtual machines (VHDX), file repositories, and backups.
The company used Veeam Backup, a robust and reliable solution, but the backups were also encrypted during the attack, making the immediate use of the backup copies impossible.
Among the compromised data were NAS servers containing essential backups, critical operational files, and vital systems, totaling several terabytes of sensitive information.
The attack caused a total downtime in operations, resulting in complete unavailability of internal systems, directly affecting all company sectors. The client’s operational situation became critical, impacting its financial, administrative, and technical operations.
In addition to the financial impact, the internal atmosphere was described as desperate. The internal technical team was under extreme emotional pressure, with uncertainty about the possibility of recovering the essential data needed to resume the company’s operations.
After emergency contact with Digital Recovery, our specialized team immediately began the diagnostic and recovery process. The severity of the attack was quickly identified, and it was confirmed that the existing backups, despite being stored via Veeam Backup, were compromised by the ransomware and unusable without specialized technical recovery.
To resolve the issue, we offered the client a highly effective solution, specialized NAS (Network Attached Storage) recovery. Our team performed a detailed recovery of the affected systems, using advanced methods to extract and restore data directly from the compromised backups.
The recovery was performed directly on the affected files (especially the NAS and Veeam backups), using a combination of advanced techniques and RAW recovery to locate specific files that were potentially hidden or partially encrypted. The expertise in the client’s specific environment, particularly in handling Veeam Backup files and deep knowledge of file formats (VHDX, Veeam), was crucial to the success of the project.
Throughout the entire project, our team maintained constant and transparent communication with the client, with daily updates via email and phone, ensuring the client was informed about every step of the recovery process.
A critical challenge faced was the compromise of the existing backups, which would normally have been sufficient for a swift recovery. In this case, even the backups produced by Veeam were affected, requiring a differentiated and advanced recovery method.
Digital Recovery applied a customized NAS Recovery approach, leveraging advanced technical knowledge about the client’s environment and the VHDX files used. This approach was crucial for the successful restoration of the compromised data.
Another decisive factor was the close and daily support provided to the client, significantly reducing the initial atmosphere of despair. The project also benefited from the essential support of a partner specialized in Incident Response (IR), with whom Digital Recovery maintains excellent technical and strategic synergy.
The complete recovery of the company’s critical data was completed in about a week, allowing for a quick and full return to operations. The success in recovering the backups enabled the client to fully restore their technological environment, resuming their operational activities without significant or permanent losses.
