Cyber-criminals encrypt onsite backups
Monmouth School for Boys was founded by William Jones, a member of The Worshipful Company of Haberdashers, in 1613 during the reign of James I. The foundation now also supports Monmouth School for Girls, Monmouth School Girls’ Prep, Monmouth School Boys’ Prep and Monmouth Schools Pre-Prep & Nursery. Former pupils have had outstanding careers in the arts, academia, sports, the media, Armed Forces, retail, the Church, politics and the Civil Service.
Redstor was a 'godsend' recovering data
ComputerWorld’s advice to use Redstor for data protection proved invaluable when only months later a £1 million ransomware attack paralysed Haberdashers’ five schools in Monmouth.
Not only did cyber-criminals wipe out school files, they also encrypted onsite backups held by a leading global provider of disaster recovery solutions.
Recovering that data would have been virtually impossible, had Fred Welsby, Director of IT at Haberdashers, not taken up a recommendation from the schools' managed service provider to deploy Redstor.
ComputerWorld and Haberdashers’ Monmouth Schools had embarked on their new strategic partnership early in 2020. There was a focus on digital transformation and improving the teacher and student learning experience.
Account manager Chris Burgess said: “Offsite data protection and recovery was quickly identified as an area of focus. It was important to ensure data would be safe in the event of a major hardware failure or ransomware attack.
“ComputerWorld worked closely with Haberdashers’ Schools to identify the value they wanted from offsite back-up. One of the key areas was speed of recovery for student and staff data, which is where Redstor really shines.”
This proved crucial when ransomware found a way in through a domain admin account, spreading quickly through the main infrastructure, knocking out file servers and Exchange and SQL servers.
Cyber-criminals were demanding an initial £500,000, rising to £1 million after six days to unencrypt the data.
Fred recalled: “They had found all the devices and servers on the network, created a domain admin account and started trawling through our data to see what was valuable to us. There was nothing they couldn’t do.
“I came into work to find my engineer calling it ‘a disaster’. Nobody could log onto any computers. Teachers and pupils had no access to any of our services, databases or email systems. Basically it was back to paper and pencil.
“Thankfully, due to previous minor malware incidents that we’ve had over the past four or five years, I had recently decided to engage with Redstor to have a cloud backup system installed.”
Redstor immediately set about restoring the affected servers into VMware.
Fred said: “We’ve had ransomware attacks in the past and the financial loss of a lack of teaching is an expensive thing - far more than the cost of a decent security system with a decent backup.
“It was a very bad attack, but it could have been a lot worse. Had we not had a cloud backup system, we would have been with very limited services for a month or longer.
“ComputerWorld helped us get our most important services back up and running very quickly - mainly email and Microsoft 365 authentication that was hosted on-prem - and that enabled us to start teaching again.
“I was very relieved that we had decided to get Redstor and very happy with the support ComputerWorld provided during an incredibly difficult time."
ComputerWorld has a vast amount of experience when it comes to data protection and recovery, along with helping organisations recover from major incidents such as ransomware. The fact that we had implemented Redstor gave us added peace of mind that Haberdashers’ schools’ critical data was safe and easily recoverable.”
Chris Burgess, ComputerWorld account manager
The UK’s National Cyber Security Centre (NCSC) recently warned of a spike in the targeting of schools, universities and colleges.
The Department for Education and the Government’s cyber-security arm recently became so concerned about the number of ransomware attacks affecting the education sector that the DfE sent out a circular, advising schools to review their defences urgently.
Storing backups in Redstor’s geographically separate data centres ensured there was an airgap between the Haberdashers’ live data and backups. The data was also encrypted before it was sent to the data centre so the ransomware was unable to execute and compromise the Redstor backup platform.
Fred recalled: “We did have another backup software on-prem – and one of the backup servers was on domain. That was fully encrypted, so they hit our backup systems as well.
“However, we were able to recover that server to the previous day with Redstor, so the loss of data was very minimal. The cloud backups were unaffected and were critical in restoring our systems.”
With InstantData - Redstor’s unique, user-driven streaming technology - there is no need to wait for a full recovery. Redstor gets users up and running at the click of a button.
We had 15TB protected by Redstor - and that was an absolute ‘godsend’. We could access files restored from Redstor within a few minutes once the restore had started.”
Fred Welsby, Director of IT at Haberdashers' Monmouth Schools
Haberdashers deployed Redstor to comply with the legislation and guidelines, outlined by Ofsted and the Data Protection Act, and enforced by the Information Commissioner’s Office, which requires schools to securely back up data offsite on a daily basis.
Principal James Murphy-O’Connor said: “Communication with governors, Haberdashers Hall in London, staff and parents was at a standstill. Without Redstor it would have been far worse. I'm told the impact of a ransomware attack can last months.”
Haberdashers continue to work with ComputerWorld's in-house team, who ensure a bespoke security strategy is implemented throughout the schools.
- Recovering data after ransomware attack
- Keeping schools working while data is recovered
- Managing data effortlessly on-prem and in the cloud
- Difficulty finding expert support
- InstantData, Redstor’s unique on-demand streaming technology
- A data management solution that delivers reliable backup and recovery and DR
- Cloud-based protection with no hardware costs
- Support provided by an organisation that is both the technology vendor and infrastructure owner
- Stream data in real time to any device, making downtime a thing of the past
- No need to wait for full recovery - gain immediate access to automated, encrypted and secure online backup and recovery
- Easy installation with ability to scale up or down as demand changes
- Fast 24/7/365 access to a support team that draws on 20 years’ knowledge and experience within the storage and backup industry
Borderless visibility of data
With a unique solution that is built for the cloud, Fred is able to discover, manage and protect the data of all five schools with ease.
Running on servers, laptops and workstations, with backup selections profiled from the management console, Redstor provides rapid and granular restore for Microsoft 365, Google Workspace, Google Classroom and SaaS applications.
Redstor unifies backup, instant-data recovery and access and data migration through a secure, central console, enabling borderless visibility of Haberdashers’ entire data estate at any time, on any device.
Multiple copies of backups are held securely encrypted in UK data centres. The encryption key is set by the customer, ensuring no unauthorised access.
This is particularly important for schools, who have to retain their last seven years of data, protecting financial details and safeguarding information on pupils.
Fred recalled: “During the pandemic we installed new touch screens in all classrooms and teachers received Microsoft surface devices.
"We had so little time to get everything set up that it was decided to give staff local admin access. This allowed teachers to calibrate the screens each time they moved from room to room.
“It also made it possible for them to install a printer or another device at home, but granting this is not a good idea.
“We suspect that a key logger was installed on one of the surfaces, non-maliciously, probably an accidental install by a member of staff. Our IT support went to support them. He logged on with his account, which was a domain admin.
“The cyber-criminals trawled the credentials from that account, logged into our systems via a VPN and then started creating their own accounts and this was done overnight.
“We no longer have all our IT team as domain admins. Now we have a delegation of tasks and roles for each person. It’s inconvenient, but far more secure.”
Scale easily, no hardware
Not only are traditional backups costly, complicated and time-consuming, they cannot scale to support the explosion in new apps and growing data sets.
As well as removing manual overheads, Redstor allows Haberdashers to budget confidently, scaling easily with no hidden costs or surprises.
Fred revealed: “We are preparing to migrate all of our emails to Microsoft 365 in the cloud once we have adequate security. We currently have 90 users in the cloud and the remaining 1500 on prem in an Exchange server.
“Our intention is to use Redstor to cover all of our on-prem and M365 backups for the future.”
Redstor’s clients have 24/7 access to a support team that draws on 20 years’ knowledge and experience within the storage and backup industry.
If Haberdashers ever needs support, the principal has the reassurance that the schools' IT team is speaking to an organisation that is both the technology vendor and infrastructure owner.
Most important of all, though, for James was that Redstor’s support team were there for him when he needed them the most.
He said: “Having that expertise and reassurance allowed me to believe all would be well.
"Some colleagues were slightly concerned about what the ransomware attack could lead to – paying out big ransoms, but I sensed that having an expert organisation like Redstor with us – all things would be ok and there would be a good income. Like all things that test you, the result is that you get better because of them.
“I contacted the secretaries of four separate associations for independent to forewarn them about being a target for ransomware and I was on the phone several days for hours speaking to people concerned about what they needed to do.
“We made a list of four or five recommendations and having Redstor was one of them, so hopefully a few schools will be saved from what we went through.”