It started with a print server acting strangely. What seemed like a minor issue quickly escalated into a ransomware attack that encrypted every virtual server in the environment. For a business with about 40 employees, many of whom are stakeholders, this could have meant catastrophic downtime and financial loss. Instead, thanks to Mechdyne’s proactive cybersecurity solutions, the company was back up and running in less than a week, without paying a cent.

The Attack Unfolds

In late July 2025, the company reported problems with a print server. During the investigation, Mechdyne support technicians discovered that attackers had gained access through a compromised account and were actively encrypting servers.

“It’s kind of creepy when you’re troubleshooting and realize there’s somebody else in the system doing stuff,” said Mechdyne’s Systems Administrator, recalling the moment he saw the attack in progress.

SentinelOne, which Mechdyne had implemented earlier, played a critical role by stopping the attackers from spreading ransomware to desktops, laptops, and Windows servers. However, the attackers targeted the VMware ESX host, the hypervisor that runs all virtual machines. Endpoint protection software cannot run on this host platform, so once the attackers gained access, they encrypted the virtual machine files at the storage level. This rendered all virtual servers inoperable, even though the endpoints themselves were protected.

The Response

Mechdyne’s team acted immediately. All VPN passwords were changed. Compromised accounts were disabled. The VMware ESX host was completely rebuilt to ensure a clean environment.

“I worked through the weekend. Bottom line, we got them back up and running,” said the Systems Administrator.

The Recovery

The real redeemer was Cove Data Protection, a cloud-native backup solution Mechdyne had deployed months earlier. Using Cove’s Virtual Disaster Recovery feature, our technician was able to create clean virtual machines from point-in-time backups, restore the domain controller and application servers, and recover SQL Server along with other critical data.

“Because they had Cove Data Protection, we were able to restore their servers to a known good point and get them back up and running quickly,” he explained.

This approach avoided paying the ransom and minimized downtime.

The Outcome

Within six days, including weekend work, the company was fully operational again. There was minimal data loss, no ransom paid, and the business continuity plan proved its worth. Today, the company is more security-aware and proactively prepared for future threats.
