Gajus - Fotolia
Veeam backups save Alaska community from ransomware attack
Kodiak Island Borough transitioned to Veeam backups just in the nick of time. After successfully recovering from a ransomware attack, the IT department added more Veeam protection.
Paul VanDyke, IT supervisor for Kodiak Island Borough in Alaska, was away at a conference when a ransomware attack hit. Fortunately, his community's IT department was ready for it, thanks to a recent switch in backup software and a little help from mom.
Prior to heading out for the conference, VanDyke had implemented a free version of Veeam Backup & Replication. That move followed struggles with his old backup software -- he said it had been a month since the product provided good backups.
VanDyke recalled that his mother made a lasting impression on him -- she used to clean the house before going on vacation.
"I didn't feel comfortable leaving things in a state of disarray, at least with my backups," VanDyke said.
How IT recovered from the ransomware
VanDyke was a longtime user of Veritas Backup Exec. However, the product had reached a point where it had issues that Veritas couldn't fix. The root problem was the backup database was corrupt on the server, he said.
In addition, VanDyke felt there was a systemic issue. He said when Symantec spun out Veritas, the support level dropped for Backup Exec. His backups weren't successful, and he was getting tech support callbacks at 7 p.m.
"I had to get somewhere fast," VanDyke said.
The free version of Veeam Backup & Replication fit the bill. He ran the Veeam backups and left for the conference in February 2016.
Minutes before going onstage to talk about managing multiple priorities, he got the text. An operator at the wastewater treatment plant in Kodiak Island Borough reported that a text file on his desktop said that all files were ransomed.
VanDyke left the conference after his presentation. He said he started triaging when he arrived in the office and "camped out there for the following four days."
He began rebuilding and restoring data into a new VMware environment using prior generation server hardware. Once he got basic network functionality back online, he migrated the restored environment back onto current generation server hardware.
"I was a lot more prepared to deal with it with Veeam backups than I would have been otherwise," VanDyke said. Without those backups, "We wouldn't be talking today. It's just that simple."
Paul VanDykeIT supervisor, Kodiak Island Borough
He said the ransomware may have infiltrated the system through an email attachment, but he didn't want to go on a witch hunt. That's a waste of time when you're dealing with ransomware, VanDyke said.
"We got lucky we had good backups," he said. "We got lucky with Veeam."
VanDyke said if there was any blame, it was on him.
The IT department made major changes after the incident.
"This cannot happen again," VanDyke said.
The borough's previous antivirus didn't stop the ransomware from getting in, so it switched to Sophos. It acquired Cisco Umbrella for DNS filtering, as well as new patch management software.
And it bought Veeam and implemented it in a major way.
Leaving infrastructure 'in good hands'
VanDyke has worked in IT at Kodiak Island Borough for 27 years. He was familiar with the Backup Exec model and was originally resistant to Veeam. After the borough's systems became more virtualized, he decided Veeam made more sense. He has found Veeam backups to be more native and smoother.
The borough purchased the Enterprise edition of Veeam Backup & Replication. About three years ago, it added Veeam Backup for Microsoft Office 365. VanDyke said he also uses the Veeam One monitoring tool.
Veeam is protecting all of the borough's on-premises and cloud-hosted data. The borough has about 25 TB of production data in its local data center and less than 25 Office 365 accounts. Its population is about 13,000 and there are less than 50 employees in the local government.
Kodiak Island Borough has not experienced any successful cyberattacks since the 2016 incident. However, the IT department has seen phishing emails that users have reported as suspicious, VanDyke said.
VanDyke said he's happy that Veeam backups enable him to focus on other important tasks for the community.
"It's nice to know that my infrastructure is in good hands."