Restoring operations faster: VNOG cuts ransomware recovery from weeks to hours with Veeam

VNOG operates under highly time-critical conditions. Often, the sooner its teams can respond to an incident, the better the outcome. At the same time, the organization never rushes into a crisis unprepared. By equipping its teams with accurate information, VNOG helps them provide the most effective assistance.

“Our teams make life and death decisions every day,” said Edwin Moraal, Chief Information Security Officer at Veiligheidsregio Noord- en Oost-Gelderland (VNOG). “For example, when deciding whether to enter a building that’s on fire, it’s useful for our firefighters to know if it’s a derelict site or if there might be people with mobility issues stuck inside. When a tree falls onto electrical lines during a storm, they look to identify how and where to turn off the power safely. All this data can be provided to them via their tablets, but, to keep them informed, our systems must be available 24/7.”

Emergency response organizations can be popular targets for cyber-criminals, who look to cause the most disruption possible to extract the largest ransomware payments. VNOG discovered this the hard way when it came under attack.

“A colleague contacted me over the weekend and mentioned he was having trouble accessing our internal mail system,” said Moraal. “We soon found out that a cyber-criminal had hacked into our IT environment and was demanding a ransom. Luckily, we were able to restrict the attack to our internal IT systems, so there was no impact on essential services, though it was very inconvenient for employees.”

At the time of the attack, VNOG was using Microsoft tools to back up its data to legacy hardware. The organization faced the challenge of recovering using its aging, slow backup infrastructure.

“My motto is: Never waste a crisis,” said Moraal. “We opted to take a two-pronged approach in the aftermath of the attack. The first priority was recovering from the crisis situation to normal operations. Second, we seized the opportunity to redesign our cyber-security policy and the underlying toolset. The attack could’ve been much worse, so we wanted to make sure we were better prepared for the next incident.”

VNOG was already in the process of purchasing Veeam data resilience technology when it was targeted by cyber-criminals. The organization reached out to Veeam and its partners for help.

“Even though it was late at night on a weekend, I got through to the right Veeam contact immediately,” said Moraal. “He put me in touch with Veeam’s partner it2grow, who called me before I could call them! They helped us initiate our recovery from the attack.”

Next, VNOG deployed Veeam to support a new approach to data resilience. The organization embraced the 3-2-1-1-0 rule: Retaining at least three copies of data, two of which are stored on different media, and one immutable copy in a remote location. Now, VNOG can always restore with zero faults.

“With help from Veeam and it2grow, we’ve radically increased our cyber-resilience,” said Moraal. “We’re now backing up 17 TB of data across 130 virtual machines hosted on four physical machines every night, something that simply wasn’t possible before.”

VNOG also enhanced its data resilience capabilities without adding complexity by deploying Veeam Data Cloud for Microsoft 365 and Veeam Data Cloud for Microsoft Entra ID. Through these purpose-built, all-inclusive SaaS solutions, the organization ensures that business-critical Microsoft data is always available, secure, and accurate, which dramatically reduces the risk of disruption to users.

“We decided to upgrade from Veeam Backup for Microsoft 365 to Veeam Data Cloud to free us from purchasing and maintaining our own storage and all the planning headaches that come with that,” said Moraal. “Now we benefit from predictable costs and unlimited storage. Plus, adoption only took a few hours and couldn’t have been easier. Veeam Data Cloud allows us to recover Microsoft data in just minutes and much more granularly than before. Knowing that Veeam – the experts – are maintaining, patching, and securing these environments continuously gives us great peace of mind.”

VNOG’s IT team has a particular appreciation for Veeam’s ability to restore data quickly and simply, having experienced a ransomware attack.

“We feel so much more secure now that we have immutable backups through Veeam,” said Moraal. “Veeam is pretty much ‘dummy-proof’ too — the user interface is so intuitive that even the most junior member of our team could use it to restore data or configure backups. If only we’d had Veeam in place when we were last cyberattacked, the recovery process would have been much easier.”

When data is deleted accidentally rather than compromised through malicious means, VNOG can use the Veeam solution to minimize the impact on operations.

“We had two people in the organization with the same name, and when one left, we accidentally deleted the wrong user profile in Microsoft Entra ID,” said Moraal. “In the past, not only would it have taken a lot of time and effort to rebuild the profile, but we would also have lost data irrevocably. With Veeam, we fixed the issue in seconds.”

Today, VNOG is using Veeam to protect workloads on-premises and in the cloud. The organization is also using Veeam to unlock data across its IT landscape, and the solution will play a crucial role in the future.

“We started by storing two copies of data in each of our twin data centers and one in the cloud,” said Moraal. “We then moved to triple redundancy in the cloud. Recently, we used Veeam to migrate from Microsoft Hyper-V to VMware, which saved us time and money. Veeam can back up and move workloads equally as well wherever they reside, giving us the freedom to build a roadmap that works for VNOG, assured that our data is fully protected and portable.”

• Facilitates full restoration of data within 12 hours rather than weeks, minimizing the potential impact of ransomware incidents on emergency services.
  “Ransomware is a growing threat,” said Moraal. “Veeam gives us extra layers of resilience so we can continue to pursue our mission: Keeping the 870,000 citizens of North and East Gelderland safe.”
• Enables comprehensive, daily back up of VNOG’s entire IT environment for the first time, reducing risk of data loss dramatically.
  VNOG can now back up 100% of its IT landscape every night using Veeam, driving down the organization’s recovery point objective [RPO].
• Gives VNOG access to specialized data backup and restore expertise, strengthening the organization’s cyber-resilience posture.
  “At first, you’d think the timing of our ransomware attack couldn’t have been worse, since we hadn’t yet deployed Veeam,” said Moraal. “But actually, Veeam connected us with it2grow, who have been an invaluable partner in enhancing our cyber-resilience strategy.”