When Ransomware Struck Three Times: The Backup Architecture That Never Failed

The Friday Lunchtime Call
The call came through just after lunch on a Friday.
“Nobody can access their files. Nobody can access the server. Please have a look.”  
For our client, a logistics business we’d supported for over a decade, this wasn’t just an IT inconvenience. It was their production environment, their order systems, their entire operation grinding to a halt.  When we connected remotely, the situation was immediately clear: ransomware had encrypted their main server. In 2015, when ransomware was still relatively new and decryption tools weren’t yet publicly available, this was every business owner’s nightmare scenario.

The Architecture That Made the Difference

Twelve years earlier, when we’d first onboarded them as a client, they were a classic small logistics company: an on-premise Omni server, basic workstations, no Active Directory, no real security framework. Just a business trying to operate efficiently without enterprise IT budgets.

When we migrated them to a new server to resolve performance issues, we also had a crucial conversation about backups.  Cloud storage was beyond budget, so we implemented segmented external backups — isolated from production, with no shared credentials or mapped drives that ransomware could exploit.

On that Friday afternoon, that single architectural decision saved the business.
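One way to check the isolation property described above (no mapped drives and no stored credentials reaching the backup store from production) is sketched below. This is an added example, not code from the article or from the provider it describes. It assumes Windows machines whose `net use` and `cmdkey /list` output has been collected as text; the machine names, the backup host name `bkp-01` and the sample output are constructed.

```python
import re

UNC = re.compile(r"\\\\([^\\\s]+)\\\S+")            # \\host\share, as printed by `net use`
CRED = re.compile(r"target=(\S+)", re.IGNORECASE)    # target=host, as printed by `cmdkey /list`

def _is_backup(name, backup):
    """True if a host name (short or fully qualified) refers to a backup host."""
    name = name.lower()
    return name in backup or name.split(".")[0] in backup

def audit_isolation(reports, backup_hosts):
    """Return sorted (machine, finding) pairs showing production can reach the backups."""
    backup = {h.lower() for h in backup_hosts}
    findings = []
    for machine, text in reports.items():
        for m in UNC.finditer(text):
            if _is_backup(m.group(1), backup):
                findings.append((machine, "mapped drive or share: " + m.group(0)))
        for m in CRED.finditer(text):
            if _is_backup(m.group(1), backup):
                findings.append((machine, "stored credential for: " + m.group(1)))
    return sorted(findings)

# Constructed sample data: combined `net use` and `cmdkey /list` output from two
# hypothetical production machines. "bkp-01" is a made-up backup host name.
SAMPLE_REPORTS = {
    "desk-03": r"""
Status       Local     Remote                    Network
-------------------------------------------------------------------------------
OK           S:        \\srv-main\orders         Microsoft Windows Network
OK           B:        \\bkp-01\nightly          Microsoft Windows Network

Currently stored credentials:
    Target: Domain:target=bkp-01
    Type: Domain Password
    User: bkp-01\backupadmin
""",
    "desk-07": r"""
Status       Local     Remote                    Network
-------------------------------------------------------------------------------
OK           S:        \\srv-main\orders         Microsoft Windows Network

Currently stored credentials:
* NONE *
""",
}

if __name__ == "__main__":
    for machine, finding in audit_isolation(SAMPLE_REPORTS, ["bkp-01"]):
        print(f"{machine}: {finding}")
```

An empty result means none of the audited machines holds a path or saved credential that malware running on them could use to reach the backup store.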

Crisis to Confidence in 24 Hours

Within minutes of understanding the situation, we guided the client through immediate containment: “Turn off the switch in the server room. Now! We need to stop this spreading.”

The damage assessment was surprisingly contained: the main server and one desktop user, which was the infiltration point.  More importantly, the previous night’s backup was intact. They’d lose a morning’s work, but because they still maintained manual records alongside their digital systems, even that data could be reconstructed.

By Saturday, their IT environment was fully operational.

Zero ransom paid. Zero data loss. Zero business disruption beyond a single day.

[Diagram: segmented backup architecture, showing an isolated backup server protecting against ransomware encryption of the production environment]

When It Happened Again. And Again.

The real test of partnership came next. Our client was hit a second time. Then a third. Each time, we recovered them successfully. Each time, the segmented backup architecture proved its worth. And each time, we had the same difficult conversation: “You need network-level protection. This reactive approach isn’t sustainable.”
After the third recovery, we didn’t just recommend, we insisted. The client agreed to deploy a FortiGate firewall with full UTM and IPS protection. Not because it was a bigger sale, but because we had proven our value three times over, and the client needed to understand that prevention was now affordable compared to the alternative.
From that day on: zero viruses, zero ransomware, zero malware incidents.

Why Partnership Matters

Technical competence recovered our client’s data from ransomware three times.  Partnership transformed their security posture for good.

We could have simply restored backups and moved on. Instead, we stayed engaged, adapted to their budget realities, and ultimately convinced them to invest in prevention after demonstrating that our advice was worth following.

That’s the difference between a vendor and a partner.  Vendors fix problems. Partners prevent them and help clients move forward with confidence.

Rudie De Vries