Industry: IT Industry

Service Line: Cloud Security

Geography: UK

Faced with ransomware attacks on their AWS environment and several virtual machines being compromised, the client needed to restore about 350 affected VMs and mitigate their environment for any malicious attacks. By running custom scripts and installing antivirus, the client not only restored those virtual machines to their original state, but also strengthened their security against future attacks.

Business Challenges

A Digital Forensics and Incident Response company working at the epicenter of the cyber security ecosystem has an AWS environment that had a ransomware attack. All the virtual machines in the environment were compromised and they were not accessible. The client was facing downtime and an immediate remediation process was required.

Client Requirements

The client wanted a solution to restore those virtual machines to their original state. There were about 350 virtual machines that needed to be restored. Installation of antivirus on those affected machines and updating security policies in their AWS environment were also required.


VaporVM restored the virtual machines by running custom scripts to generate a forensic report on the affected VMs. All the gathered forensic reports were stored in a centralized SharePoint. 

After identifying the type of encryption needed, an antivirus was installed on the affected machines, and the VaporVM Security team strengthened the security rules on the virtual machines for any future ransomware attacks.

Value Created

By shifting the focus to employing more proactive security measures on their existing AWS environment, the client can now mitigate cyber-attacks before any damage is done and all their affected virtual machines are restored.