Overview
An employee-owned construction company with approximately 40 employees faced a ransomware attack in July 2025 that encrypted all virtual servers. The company’s legacy backup solution had been unreliable, suffering from hardware failures, missed backups, and a lack of off-site protection. It also carried high maintenance costs for both hardware and software. Mechdyne implemented Cove Data Protection and SentinelOne, a powerful combination of cloud-native backup and advanced endpoint protection. This proactive cybersecurity approach enabled rapid recovery and minimized damage.
Challenge
When attackers gained access through a compromised print server account, they encrypted all virtual servers, leaving the business unable to operate. The attackers would then have demanded a ransom to release the servers, although paying would not have guaranteed that result.
SentinelOne successfully blocked the attackers from spreading ransomware to desktops, laptops, and Windows servers. However, because the attack targeted the VMware ESX host, a platform where endpoint protection cannot run, the virtual machine files were encrypted at the hypervisor level.
Solution
Mechdyne responded immediately by changing all VPN passwords, disabling compromised accounts, and rebuilding the VMware ESX host. Using Cove Virtual Disaster Recovery, the team created clean virtual machines from point-in-time backups, restored the domain controller and application servers, and recovered SQL Server along with other critical data. SentinelOne continued to block further lateral movement and data exfiltration attempts by the ransomware during the recovery process.

Outcome
The company was fully operational again in just six days, including weekend work. There was minimal data loss, and no ransom was paid. Thanks to off-site backups and advanced endpoint protection, business continuity was preserved. Now, with proactive detection and a response process in place, the company has emerged more security-aware and prepared for future threats.