megav13
New Contributor

My DATTOs were broken into last week.

It happened all at once and I'm still working to piece the puzzle together, but have been so busy restore...

We are truly an AutoTask/DATTO shop. We utilize the DATTO BDR solution, the Dattotask RMM and PSA solution as well as the Workplaces solution.

Last Sunday night, 5 of our clients experienced the GlobeImposter 2.0 virus that destroyed their servers and network, encrypting everything... but it didn't stop there... they went after the DATTO appliances. They were able to send a command to each of the five appliances to remove each agent, and from what we see now, possibly even format the drives. Still, it didn't stop there...

What really killed us was the fact that the agent deletion on the appliance triggered a deletion of snapshots on DATTO's cloud side as well, leaving our clients completely dead in the water. Now the solution I've been selling and touting as true DISASTER recovery was crippled, leaving me with very few answers for the clients who spent quite a bit of money on their appliances believing it would keep them running. Luckily for a few I had a few snapshots and Windows Backups here and there, but they will only bring them back, in many cases, to July, losing a month. Luckily the SIRIS line utilizes a 2nd cloud storage (almost like cold storage) that lasts a few days after data in primary storage is deleted. This saved 3 of our 5 clients, as full images are en route to their appliances. For the 2 ALTO customers, this is not the case. I now have their appliances with Kroll to crack and hack any data that may be in the appliance, assuming it was a header wipe and not a reformat or rewrite.

Still need to work with DATTO to understand how this happened. Same virus, same time, same damage across five locations... Has anyone seen this before or even experienced this?
