The Situation 

A UK Legal firm was subjected to a ransomware attack whilst being acquired by a leading UK PaaS provider. A deep security investigation was initiated to inspect and isolate clean backups to enable an emergency recovery migration into a locked down environment. In conjunction an O365 solution was put in place to enable the continued day-to-day running of the firm.

The Task 

The affected legacy customer environment needed to be moved from a secure backup site to the new PaaS provider DC without any chance of bringing any ransomware along with it.

• There were several servers reported as clean and safe to move.
• A full rebuild was required of all internal security protocols currently sitting on the legacy platform.
• Ensure the isolated servers are in a state of migration readiness.
• Configure the landing platform so that it is locked down and isolated from any real-world and internal connectivity.
• Health checks on all affected and non-affected workloads were carried out.

The Action 

Towers Associates worked with the PaaS provider InfoSec team to ensure the recovered environment landed in a secure offline environment where further testing activities were performed. 

• Full system mapping of vm resources. 
• Provisioning of offline secure landing platform. 
• Provisioning of secure network segment, go live readiness. 
• Pre-seeding activities of in scope vm’s. 
• Migration of scoped vm’s using migration tooling. 
• Healthcheck and network isolation activities. 
• Hypercare and Handover. 

The Result 

A complete recovery of the customer environment, data and operations within the new PaaS providers DC enable the business to continue and the merger of the technology estate to be successfully completed by the PaaS provider.