09 August 2023

Customer story: Hidden malware, hunted down in 10 days.

Built for complex storage environments, Predatar uses artificial intelligence, automation, and industry-leading EDR (Endpoint Detection & Response) software to identify and fix potential recovery problems including hidden malware. This short customer story illustrates how one of our newest customers began to achieve significant value from Predatar in just a matter of days.

The customer challenge
A large European industrial machinery manufacturer, with over 250 offices worldwide and annual revenues of more than $250 million (USD), approached their IBM storage business partner early in 2023 with a challenge to solve.

In light of the increasing prevalence of cyber-attacks across many industries, including manufacturing, the customer’s leadership team had initiated a review of operational resiliency in order to minimise downtime in the event of a data breach. The objective was to improve processes across the business to achieve a state of readiness, should the worst happen.

Backup and recovery was a key part of the review, and it quickly became clear that despite having robust backup processes in place, the business was unable to prove its ability to successfully recover data at scale from its extensive 200TB+ IBM backup environment.

Furthermore, there was no mechanism in place to validate that malware had not been ingested into backup repositories – leaving a very real risk that recovery from backups following a cyber-attack would result in re-infection and significant additional downtime.

The challenge… How could the customer be certain of their ability to recover from their backups without the risk of recovery failures or reinfection?

The Solution
Predatar Ultimate was deployed to provide continuous recovery testing and deep malware scanning in an isolated Predatar CleanRoom.

As well as ensuring that the customer’s backups are recoverable and free from hidden malware, Predatar also monitors the entire IBM Storage Protect environment, providing a real-time recovery confidence rating, threat-level score, and alerts of potential recovery risks as they happen.

The result
Within 10 days of deployment, Predatar had found and cleaned malware in the customer’s backup environment that had not been detected by the customer’s primary XDR software. This malware had been replicated into the backup repositories, where it had remained present for over 200 days.

To date, Predatar has found and removed malicious files from the customer’s backup environment, including the hacking tool HKTL_NIRCMD.GA, which is known to be linked to a number of large-scale ransomware attacks.

As well as removing existing threats, Predatar is continually improving the customer’s cyber resiliency posture. Since deployment, the customer’s cyber grade has improved from an E- to D+, and thanks to the built-in AI and automation this will continue to improve over time.

Master your data resilience
Predatar brings Recovery Assurance capabilities to Veeam, Cohesity, IBM Defender Data Protect, IBM Storage Protect/Plus, and IBM FlashSystems.

To see how you can achieve recovery confidence, contact the team or book a demo.
