Avoiding an Extinction Event
Using Elastio’s Ransomware Recovery Platform, JetSweep helped a company recover from a stealthy ransomware attack.
Background
Ransomware Attack on the Company
At 9 a.m. on a Saturday, JetSweep, an AWS consulting partner, received an urgent call from AWS. A company had been attacked by a ransomware group, leaving it unable to deliver services to its customers. All critical business data was encrypted, effectively halting operations. The business was bound by strict service level agreements (SLAs), and this kind of disruption threatened customer trust and long-term viability.
JetSweep was brought in to secure the company’s AWS environment and assist with the recovery process. Ransomware attacks often don’t end when a ransom is refused. Attackers frequently install backdoors or leave dormant ransomware behind to prepare for future attacks, making it critical to fully secure the environment and reduce the risk of reinfection.
“The last thing you want is to restore service, only to face another attack days later. For this business, customer trust was everything.” – Jeff Fudge, Director of Cloud Solutions, JetSweep
The company knew it had one chance to retain customer confidence. It needed to patch any vulnerabilities and ensure there were no hidden compromises in the restored data that could trigger another wave of encryption and disruption, which is why they engaged JetSweep.
Initial Assessment
How the Ransomware’s Stealthy Encryption Tactics Evaded Detection
Forensic investigation quickly revealed that the attackers had likely gained access through an unpatched firewall. Ironically, a system meant to protect the company had become the weakness that exposed it. JetSweep immediately patched the firewall to prevent further access.
But the real challenge emerged when the company tried to restore from backups. The attackers had used a sophisticated tactic: the ransomware encrypted data without being detected by keeping the decryption key in memory. The company had been operating normally, unaware that ransomware was already present and silently encrypting data over time.
“The ransomware was encrypting files in the background. The decryption key was held in memory, so the applications ran fine while the data was being corrupted without anyone noticing.” – Jeff Fudge, Director of Cloud Solutions, JetSweep
Even with a leading endpoint protection platform in place, the attack had gone undetected. The corrupted data had been replicated into backups, leaving the company without a clear recovery path.
The Problem
Finding a Clean Recovery Point
Restoring data became an arduous task. The company faced the prospect of manually restoring each backup to check for signs of encryption or undetonated ransomware — a slow, unreliable, and unscalable process. Large file restores could take hours, and even then, there was no way to verify whether the data was clean. The team described the process as “hunt and peck” — trial and error with no way to distinguish good backups from compromised ones.
“They had a lot of backups and no idea which ones were clean and which ones were compromised.” – Jeff Fudge, Director of Cloud Solutions, JetSweep
For the company, getting customers back online quickly is critical. Downtime isn’t just inconvenient — it’s a threat to the business. Violating SLAs could result in lost revenue and long-term reputational damage.
“Long term customer downtime is the kiss of death. If you can’t meet your SLAs, it can be an extinction-level event.” – Jeff Fudge, Director of Cloud Solutions, JetSweep
The company needed a fast, reliable way to identify a clean recovery point to get the business back up and running quickly without risking reinfection.
The Solution
Elastio Platform Automates Backup Scanning for Fast, Confident Recovery
JetSweep brought in the Elastio Platform to accelerate the recovery process. Elastio’s Threat Hunt feature scanned the backups for hidden threats, including ransomware encryption, and quickly identified the last known clean recovery point.
“Elastio allowed us to see almost immediately which backups were clean. That saved us days — possibly weeks — of trial and error.” – Jeff Fudge, Director of Cloud Solutions, JetSweep
By quickly directing the team to a known good backup, Elastio helped the company reliably restore its systems without the risk of reinfection.
Elastio’s analysis also revealed how long the attackers had been in the system without being detected by other solutions, including a leading endpoint protection platform. The most recent clean backup was 10 days old.
Despite the extent of the data loss, the company was relieved to have any clean recovery point as it allowed them to avoid rebuilding complex VM configurations — custom-built over years — that would have been lost if the ransomware attack had persisted beyond the backup retention window.
“They were lucky they even had a clean backup. If the bad actors had been in there longer, a clean backup within their retention window might not have existed, and they could have lost everything.” – Jeff Fudge, Director of Cloud Solutions, JetSweep
Proactive Protection
Strengthening Recovery With Early Detection
This case shows how Elastio can help recover from an attack, but you shouldn’t have to settle for 10 days of data loss. Proactively integrating Elastio into backup workflows allows early detection of encryption or compromise — before it disrupts operations.
Elastio scans backups continuously, alerting you to threats as soon as they appear. Even stealthy encryptors can be detected because Elastio runs scans off-host, away from production servers that could be compromised. This allows you to confidently restore from a recent backup, minimizing downtime and data loss.
“Instead of discovering a breach after the damage is done, Elastio enables early detection and faster recovery — keeping your business running even with advanced cyber threats.” – Jeff Fudge, Director of Cloud Solutions, JetSweep
The Outcome
Fast Recovery and Long-Term Resilience
With Elastio, the company avoided catastrophic data loss and quickly restored services for its customers. The ability to identify a clean recovery point within hours — rather than weeks — meant the company avoided SLA breaches and retained customer confidence.
More importantly, by demonstrating the value of proactive backup scanning to detect hidden threats in data, Elastio didn’t just solve the immediate problem — it helped the company establish a more resilient ransomware protection and recovery strategy to prevent future attacks from succeeding.
To protect the privacy and security of the affected organization, details have been anonymized. The core facts and recovery strategy remain unchanged to preserve the integrity of the lessons learned.