MSP Progressive Computing Restores 100% of Data Following Kaseya Attack

“We’re scoring this as a 100% victory. Not only did Axcient’s technology work flawlessly, but the support staff that helped us get through that process was just amazing. They were very compassionate about our situation. We had calls not only from their technical staff, but even senior members of their team reached out to ask, ‘what else can we do to help you guys?”

Robert Cioffi, COO & Co-Founder of Progressive Computing

The Challenge

The Reality of a Total Ransomware Takedown Event

It was the Friday before the July 4th weekend when Robert Cioffi, COO & Co-Founder of Progressive Computing – an almost 30-year-old MSP based in Yonkers, New York – discovered that they were the victim of a massive ransomware attack. Hoping to capitalize on the long holiday weekend, a group of hackers used REvil Sodinokibi ransomware to exploit a flaw in Progressive Computing’s RMM platform. The supply chain attack targeted MSPs and has affected between 800 and 1,500 businesses around the world. For Progressive Computing, every single one of their 2,500 endpoints, including 250 servers across 80 clients, plus their MSP, was encrypted.

Equipped with x360Recover for business continuity and disaster recovery (BCDR), Robert felt confident in their ability to recover from an average ransomware attack affecting one endpoint or one client. However, they had not planned for this kind of RMM infiltration and takedown of 100% of their clients and their own systems. Almost a year later, Robert reflects, saying,

“This could have put us out of business, and many of my customers out of business, simply because of the scale and magnitude.” He goes on to say, “Whether or not we were being naïve about the real possibility that something like this could happen, we never thought about our ability to respond in a mass scale sort of way.”

The Solution

Axcient BDR Technology and Support Enables Rapid Recovery

Robert and his team collaborated with their cyber liability insurance provider to determine the best process for recovery. Based on logs independently verified by two third-party security sources, Progressive Computing pinpointed 10:49 a.m. as the time the attack began. With that information, and Axcient’s 15-minute recovery point objective (RPO), technicians could start restoring servers from 8 a.m. the day of the attack.

From a mathematical perspective, the recovery effort required Progressive Computing to essentially triple in size overnight. With almost 99% penetration, everything needed to be completely destroyed and installed from scratch. Luckily, Progressive Computing had support not only from Axcient, but from the MSP community. Robert had spent years cultivating meaningful connections through peer group involvement and a strong sense of channel unity. What would have taken the Progressive Computing team two to three months to recover, took only 17 calendar days.

Robert says, “Axcient really stepped up. Not just as a technological solution, but as a company who showed great care and compassion when we were in our darkest hour. Their technology worked perfectly and we recovered all 250 of those servers back to their original state. We didn’t lose any data.”

The Results

“Hopefully Axcient is your go-to BDR, disaster recovery, business continuity partner because they were invaluable to us. They assigned us some pretty high level engineers that were on the ready, walking us through some problems, helping us understand what a full-scale recovery would look like. You need strong vendors like Axcient to back you up.”

Robert Cioffi, COO & Co-Founder of Progressive Computing

• 100% recovery of 2,500 encrypted endpoints in 17 calendar days
• 0% of data lost
• $0.00 paid in ransom

In addition to the technical support Robert received from the community, he largely credits platform standardization for the recovery success at Progressive Computing. In fact, his number one piece of advice for other MSPs – from a profitability, efficiency, and scalability perspective – is to standardize on a single platform. Robert explains, “I’m the example of why you should only have one. Your technicians get to know that product or solution the best. They can’t become masters of five different BDR technologies. They just simply cannot. And if we were in that position, with multiple DR technologies, I know that the recovery efforts would have taken considerably longer.”

Looking ahead, Progressive Computing is focused on educating clients about additional protections, like workstation backup and centralizing on a server. They are spinning up a lot more x360Recover Direct-to-Cloud deployments for hardware-free BCDR. Unfortunately, Robert and Progressive Computing continue to deal with the fallout of the attack, and are reevaluating their incident response plan to prepare for whatever could come next.