Go-Ahead is a leading public transport operator connecting communities through bus and rail services.
Databarracks has provided Backup as a Service to Go-Ahead Group for all sites including two data centres since 2016.
Following a ransomware attack on September 6th 2022, Databarracks guided their recovery from backups.
Databarracks has provided Backup as a Service to Go-Ahead Group for all sites including two data centres since 2016.
On September 6th 2022, Go-Ahead Group experienced a ransomware attack.
Alan Harvey, Head of IT Operations at Go-Ahead Group:
“Our organisation provides important transport services in several countries, and we’re the biggest bus transport provider in the UK. So, cybersecurity and Business Continuity planning have always been top priorities. We have robust security measures in place, but it’s impossible to protect against every eventuality. Organisations will inevitably face a successful breach at some point.
“In early September 2022, we found ourselves facing precisely this scenario. Members of our team who tried to access data found it to be encrypted. They received an error message telling them the organisation needed to pay a ransom in order to decrypt the files.
“It was clear that the attack was designed to maximise impact and speed with encryption operating at the VM rather than file level. This affected entire sections of our administrative operations, though the impact was limited to our back-office systems, rather than on the customer-facing side.”
In a crisis, having a dedicated team of specialists to problem-solve for the most urgent issues was vital.
“Thankfully, we have air-gapped backups which were unaffected by the attack. Databarracks built and managed them for us, and this is how we recovered from the incident.
“As soon as we realised our system had been infected by ransomware, Databarracks worked with us to establish priorities for the recovery. We had lost our on-premises infrastructure. Our clean backups were in Azure and recovering into Azure was the best option in this incident. Databarracks quickly spun-up dedicated recovery infrastructure for us to accelerate the process.
“Throughout the recovery, the team were constantly monitoring and working to optimise bringing systems back online as quickly as possible. They worked with us to test, validate, tick-off the list, and keep moving through the entire incident.
“Due to the nature of our work, we needed the fastest response and recovery times possible. Databarracks tailored a communications system for our case so they could communicate directly with our Crisis Response Team members. Clear communication during a crisis is critical and there were a lot of things we needed to get over the line very quickly, so this was immensely helpful.”
“One of the major benefits of working with Databarracks is that they have specialists with in-depth knowledge and experience of the infrastructure and applications we use. When we were hit by this cyber-attack, that meant we could rely on them to action our highest priorities immediately.
“In the aftermath of the attack, we carried out a detailed post-incident review to assess areas for improvement. In addition to changes in preventative security, Databarracks were able to help us drive changes in segregation and configuration to help improve the speed of response and recovery.
“For us, that means we have reassurance that this kind of incident is less likely to happen again. And if it does, the recovery process will likely be much simpler.
“Finally, throughout the incident, Databarracks not only recovered our systems, they were also always on hand to advise us. In a crisis, having a dedicated team of specialists to problem-solve for the most urgent issues was vital.
“From when we first encountered the breach, Databarracks was working to recover our systems 24/7. From building new infrastructure to recover our data, to advising on how we can further bolster our security in the future as the threat landscape continues to evolve.
“It is widely accepted now that it is no longer possible to guarantee the prevention of a cyber incident. It is inevitable that at some point, organisations will face a successful attack. The measure of success now is how quickly we can detect, respond, recover, and limit the impact on business operations. Databarracks was key to helping us do exactly that.”