A large mining company in South Africa, with over 2,000 employees, faced a critical situation after being targeted by a ransomware attack. The criminal group responsible was identified as RansomHub, which exploited a vulnerability to access the corporate network and encrypt vital files, adding specific extensions to the affected machines.
The primary files affected were the virtual machines (VMs) and the backups stored in Veeam, resulting in over 20 TB of compromised data.
The impact of this attack was devastating, especially since the company was already undergoing bankruptcy proceedings. The operational shutdown caused by the attack lasted for months, further deepening the company’s financial crisis.
The situation became especially delicate due to the immediate need for access to accounting data in order to avoid severe fines for lack of proper documentation. The client was emotionally distressed, desperate to resolve the issue quickly and prevent further financial losses.
Faced with a scenario where over 20 TB of critical data had been completely encrypted, the company had no pre-existing ransomware incident response plan. Although the company had backups created with Veeam, these were also encrypted, rendering them initially unusable.
Digital Recovery acted quickly, offering the client two clear data recovery options: through the encrypted backups or directly from the production environment. Both solutions proved viable thanks to the advanced methodology developed by Digital Recovery.
Given the client’s emotionally distressed state, our team provided intensive and close support, thoroughly explaining every step of the process. Communication took place daily, including special availability on weekends and during evening hours.
Using specialized virtual machine recovery techniques, we applied this methodology directly in the production environment as well, ensuring a fast and efficient recovery of essential data.
A project that would normally take around a month was successfully completed in just three days, meeting the client’s urgent needs and preventing the escalation of financial penalties.
The client was extremely satisfied and relieved with the initial results of the data recovery. The first phase of the recovery took approximately one week from the start to the approval of the restored data.
Digital Recovery’s solution enabled the company to quickly regain access to its essential information, significantly mitigating the risk of additional fines and ensuring the operational continuity needed to face its financial crisis.
After receiving the recovered data, the client’s reaction was one of immense happiness and relief. The initial success provided confidence for the next stages of the project, which are still ongoing.
This case reinforces the importance of relying on a company specialized in recovering files encrypted by ransomware like Digital Recovery in critical situations—ensuring speed, technical efficiency, and the human support necessary to face complex cyber crises.
