We all know it.

When working in IT, we do know how important backups are.

A few weeks ago, a customer was hit by the dreaded Cryptolocker virus. We all were working under the impression that the customer was protected by the backups that were made daily.


This customer was recently added to our company’s portfolio and thus we were responsible for their on-prem environment. The administrator account from the previous IT service provider was changed and the account was disabled. After some more changes and tweaks in their environment we were under the assumption that everything was running smooth at their end. Yes they called our service-desk sometimes with normal service related questions.

Until 1 day, someone called our service-desk with the problem of not being able to open several Word and Excel files.

After a few minutes of research, it was quickly apparent that the files were not Word and Excel files anymore.

We told the user to tell everyone to immediatly logoff from the system and await a call from us.

We were immediately set into high gear and  were already logging into the backup server to start a file based recovery. A colleague was already scanning all servers and After a few minutes, we found the user that started the infection and also found the culprit that was causing the troubles.

After a thorough cleanup of all found viruses, we went back to the backup-server that was logged on and the backup software was already running. We quickly came to the conclusion that we have made  major fuck-up.

The last successful backup was several months old. For a few moments we thought we were screwed. The infected server was functioning as file and domain-controller and we did not have a working backup.

After a few minutes of thinking, someone came with the clever idea to check if Previous Versions was enabled. Thank god for us, it was. Using Previous Versions and several times a restore of the infected server (which we backupped as soon as it was infected) we had regained all of it’s data.

Thank god it’s over…

Pages: 1 2