Overview
In June 2022, a large IaaS (Infrastructure as a Service) providerβone of Nepean Networksβ resellersβwas hit by a devastating ransomware attack that encrypted every piece of data they hosted: client files, workstations and servers.
What followed was a business nightmare… and a critical test of resilience.
The Incident: One Morning Changed Everything
At 4:45 AM, malicious code executed within the providerβs environment and quickly βphoned homeβ to a command-and-control server hosted in the U.S.
Moments later, ransomware began tearing through the network, encrypting everything it touched. Hours later, it was all over. The damage was done.
The providerβfast asleepβwas jolted awake by calls from panicked clients. Virtual desktops were unreachable. Exchange email wasnβt syncing. Applications were failing.
Logging into their core infrastructure, the horror became clear: The entire VMWare environment was gone.
The Gut Punch: No Backups. No Way Out.
As their teams scrambled to lock down systems, find the infection source, and restore services, the realization hit like a truck:
βWe never set up offsite backups. Everythingβeverythingβwas on the same hypervisor. Itβs all encrypted.β
No usable client data. No backups. Years of trust, business, and infrastructureβwiped out in minutes.
The Investigation Begins
Rebuilding from scratch was the only option.
Clients demanded answers (many of whom were Law Firms). A third-party cybersecurity team was brought in to investigate. But they were flying blind:
- No perimeter firewall
- No usable logs
- Only OS-level software firewalls
What they desperately needed:
- Forensic insight
- Data flow history
- Proof of whether customer data had been exfiltrated
The Turning Point: Enter Nepean Networks and Illuminate
Just one week earlier, the provider had deployed Nepean Networksβ Illuminate β a firewall-independent L7 Deep Packet Inspection (DPI) analytics tool.
This changed everything.
- With Illuminateβs visibility, the cybersecurity team could:
- Trace every historical data flow
- Identify the exact command and control server IP and Host
- Monitor all pre and post-infection traffic
- Pinpoint where the encryption key was sent (Megashare, New Zealand)
- Most importantly: confirm no customer data left the premises
That final insight saved the provider from prosecution β and likely the business itself.
Rebuilding: From Chaos to Resilience
Although many clients were lost, enough remained to rebuild.
With Nepeanβs help, the company transformed its approach:
- Security-first architecture
- Segmented, monitored, and protected ingress/egress points
- Cloud and on-prem environments protected with vendor-agnostic tools
Key Takeaway: Visibility Saves More Than Logs Ever Will
Many MSPs chase the dream of an all-in-one vendor: one box that handles routing, firewall, and analytics. But when disaster strikes, thatβs a single point of failure.
Nepeanβs model separates these layersβnetwork, security, and visibilityβgiving MSPs freedom to choose best-of-breed solutions and retain independent analytics across all vendors.
The result?
An unbiased, always-on, retroactive lens into your network. Illuminate delivers the βextra set of eyesβ every MSP needsβbefore, during, and after an incident.
Request a Live Demo
If youβre an MSP or IT professional looking to protect your clientsβand your businessβget a firsthand look at what Illuminate can do.