VNOG bounces back from a ransomware attack by slashing data recovery times from weeks to hours

VNOG operates under highly time-critical conditions. Often, the sooner its teams can respond to an incident, the better the outcome. At the same time, the organization never rushes into a crisis unprepared. By equipping its teams with accurate information, VNOG helps them provide the most effective assistance.

“Our teams make life and death decisions every day,” said Edwin Moraal, Chief Information Security Officer at Veiligheidsregio Noord- en Oost- Gelderland (VNOG). “For example, when deciding whether to enter a building that’s on fire, it’s useful for our firefighters to know if it’s a derelict site or if there might be people with mobility issues stuck inside. When a tree falls onto electrical lines during a storm, they look to identify how and where to turn off the power safely. All this data can be provided to them via their tablets — but, to keep them informed, our systems must be available 24/7.”

Emergency response organizations can be popular targets for cyber- criminals, who look to cause the most disruption to extract the largest ransomware payments. VNOG discovered this the hard way when it came under attack.

“A colleague contacted me at the weekend and mentioned he was having trouble accessing our internal mail system,” said Moraal. “We soon found out that a cyber-criminal had hacked into our IT environment and was demanding a ransom. Luckily, we were able to restrict the attack to our internal IT systems, so there was no impact on essential services, though it was very inconvenient for employees.”

At the time of the attack, VNOG was using Microsoft tools to back up its data to legacy hardware. The organization faced the challenge of recovering using its ageing, slow backup infrastructure.

“My motto is: never waste a crisis,” said Moraal. “We opted to take a two- pronged approach in the aftermath of the attack. The first priority was recovering from the crisis situation to normal operations. Second, we seized the opportunity to redesign our cyber-security policy and the underlying toolset. The attack could’ve been much worse, so we wanted to make sure we were better prepared for the next incident.”

VNOG was already in the process of purchasing Veeam data protection technology when it was targeted by cyber-criminals. The organization reached out to Veeam and its partners for help.

“Even though it was late at night on a weekend, I got through to the right Veeam contact immediately,” said Moraal. “He put me in touch with Veeam partner it2grow, who called me before I could call them! They helped us initiate our recovery from the attack.”

Next, VNOG deployed Veeam Availability Suite and Veeam Backup for Microsoft 365 to support a new approach to data protection. The organization embraced the 3-2-1-1-0 Rule, retaining at least three copies of data, two of which are stored on different media, and one immutable copy in a remote location. Finally, VNOG can always restore with zero faults.

“With help from Veeam and it2grow, we’ve radically increased our cyber- resilience,” said Moraal. “We’re now backing up 17TB of data across 130 virtual machines hosted on four physical machines every night, something that simply wasn’t possible before.”

VNOG benefits from simpler, faster data restore thanks to Veeam. The organization’s IT team has a particular appreciation for this capability now that the organization has experienced a ransomware attack.

“We feel so much more secure now that we have immutable backups through Veeam,” said Moraal. “Veeam is pretty much ‘dummy-proof’ too — the user interface is so intuitive that even the most junior member of our team could use it to restore data or configure backups. If only we’d had Veeam in place when we were last cyberattacked, the recovery process would have been much easier.”

When data is deleted accidentally rather than compromised through malicious means, VNOG can use the Veeam solution to minimize the impact on operations.

“We had two people in the organization with the same name, and when one left, we accidentally deleted the wrong user profile,” said Moraal. “In the past, not only would it have taken a lot of time and effort to rebuild the profile, but we would also have lost data irrevocably. With Veeam, we fixed the issue in seconds.”

Today, VNOG is using Veeam to protect workloads on-premises and in the cloud. The organization has recently adopted a cloud-first strategy, with Veeam playing a crucial role in its future plans.

“At present, we’re storing two copies of data in each of our twin data centers and one in the cloud,” said Moraal. “In the future, we plan to move to triple redundancy in the cloud. Veeam can back up workloads equally as well wherever they reside, giving us the freedom to build a roadmap that works for VNOG, assured that our data is fully protected.”

Facilitates full restoration of data within 12 hours rather than weeks, minimizing the potential impact of ransomware incidents on emergency services. “Ransomware is a growing threat,” said Moraal. “Veeam gives us extra layers of resilience so we can continue to pursue our mission: keeping the 870,000 citizens of North and East Gelderland safe.”

Enables comprehensive, daily back up of VNOG’s entire IT environment for the first time, reducing risk of data loss dramatically. VNOG can now back up 100% of its IT landscape every night using Veeam, driving down the organization’s recovery point objective [RPO].

Gives VNOG access to specialized data backup and restore expertise, strengthening the organization’s cyber-resilience posture. “At first, you’d think the timing of our ransomware attack couldn’t have been worse, since we hadn’t yet deployed Veeam,” said Moraal. “But actually, Veeam connected us with it2grow, who have been an invaluable partner in enhancing our cyber-resilience strategy.”