Case Study: Ransomware Recovery

Overview

An award-winning international design studio faced a devastating ransomware attack over a holiday weekend. The attack left their Exchange server encrypted and 460,000 out of 1.3 million files compromised.

The attackers demanded a £500,000 ransom. Thanks to a rapid response and expert ransomware recovery services from Krome, the studio avoided paying and restored operations swiftly.

When the attackers struck, the business (which wishes to remain anonymous) enlisted the help of Krome Technologies to mitigate the damage, save their data and restore their operations as swiftly as possible. As a result, they avoided having to pay the half-a-million-pound ransom demanded by the attackers.

Krome’s team of security professionals acted immediately: they evaluated the attack, quickly ascertained that it was still in progress, and instructed the client to shut down all of their systems. This ensured that no further files could be encrypted.

Krome worked closely with the client to rebuild their systems and bring them back to being fully operational. Within 48 hours of engagement, Krome had identified the files that could be restored; approximately 30TB of data was recovered and restored. 80% of the required data was fully recovered.

"In an attack scenario, it is safer to assume that everything on the network is compromised, the best course of action is to shut it down as quickly as you can."

Ben Randall | Technical Director | Krome

The Challenge

The ransomware attack struck while most staff were away, encrypting critical data and backups. With endpoints disappearing and systems compromised, the studio urgently needed ransomware recovery expertise to save its business.

The Solution: Ransom Recovery

Krome’s ransomware recovery team immediately instructed the client to shut down all systems, halting further encryption. Within 48 hours, they identified recoverable files and provided a detailed analysis of the attack. Using an earlier, uninfected SAN snapshot, Krome rebuilt virtual machines on isolated networks and provisioned clean data to users. Temporary storage arrays were loaned to facilitate the ransomware recovery process, and all client devices were wiped and rebuilt to eliminate any lingering threats.

The Results

  • 80% of data fully recovered – about 30TB restored
  • Systems were fully operational within 10 days of the attack
  • No ransom paid, saving the client £500,000
  • Clean, secure data provisioned to users
  • Ongoing IT support and future safeguarding against attacks

This ransomware recovery case highlights the importance of rapid expert intervention, robust backup strategies, and ongoing IT support. By acting quickly and leveraging clean data snapshots, the business was able to restore critical operations and strengthen its defences against future cyber threats.
