Billion-dollar firm successfully recovers from its first ransomware attack with Druva

Druva Marketing

Remote offices are critical to the success of many organizations, like Druva’s customer, a billion-dollar construction firm. Businesses such as this firm leverage remote sites to maintain data locally for a variety of reasons, including application design, data size, bandwidth limitations, and more. 

The nature of this firm’s business is such that it often has to spin up 40+ remote sites for a year or two, and often on very short notice, as it wins new contracts. This flux affects the amount of data it has to protect on the on-premises file servers it maintains at these many locations.

While it relied on Veeam to back up its virtual machines (VMs), sending people and equipment to 40+ remote offices to deploy and configure data protection would be too time-consuming and expensive. Additionally, a senior leader at the firm said that they wanted the file server backups to be securely stored off-site, and to them, the only logical answer was moving to the cloud. While they were familiar with Veeam, they were not comfortable using it for backing up remote sites to the cloud.

Deploying Druva at 40+ sites pays off after ransomware attack

In early 2020, malicious actors exploited a Citrix vulnerability in the firm’s infrastructure to gain access to its network. The ransomware spread quickly and the hackers were on the firm’s system for about a week. 

While the Veeam data catalog was corrupted by the ransomware, and the firm was unable to restore from the Veeam backups it had been investing in for years, Druva enabled it to recover backups from all 40+ of its remote file servers.

Druva not only restored these servers over the network, but also leveraged its integration capabilities with Amazon Web Services (AWS) Snowball Edge, a data migration and edge computing device with 100 terabytes (TB) of capacity, to handle the low-bandwidth servers.

With standard restores from the cloud and the new AWS Snowball Edge-dependent features, the firm was able to rebuild each compromised machine, restore its data quickly, and move on to the next affected machine.

The firm’s cloud-first backup strategy with Druva enabled it to recover 100% of the compromised data quickly, as the servers were wiped, rebuilt, restored, and shipped back to the remote sites in a matter of days.

Ransomware recovery — investing for “when,” not “if” an attack takes place

When ransomware succeeds, employees can’t be productive and may suffer costly downtime. Their data is blocked, computers and servers have to be disinfected, and operating systems, apps, and data have to be restored. In addition to business opportunities being lost and intellectual property exposed, the business may have to pay a hefty ransom and its reputation can be damaged.

According to Druva’s eBook, Insider’s guide to defending against ransomware, with ransomware attacks on the rise, organizations of all sizes have found themselves vulnerable and struggling to reduce risk and respond quickly to attacks. It’s not so much a question of if, but when.

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) reported a record number of ransomware complaints in 2020, with losses exceeding $29.1 million.¹ Businesses in every industry need to make sure their data is an asset, not a liability, as data isn’t only valuable to the business itself, but also to its customers and brand reputation. 

What’s next?

Read the firm’s case study to learn more about its ransomware recovery facilitated by Druva, and how it reduced costs by 66% while achieving 2.5x global deduplication storage savings.


¹ Federal Bureau of Investigation, “2020 Internet Crime Report,” March 17, 2021.