Case Study 

Why having a ransomware Incident Response Plan and Solution is critical in today’s fight against cyber crime

 

Colchester Institute is the largest vocational college serving North Essex and the surrounding areas. The Institute provides first class education, professional development and technical skills training to over 8,000 young people and adults every year. Colchester Institute is regionally recognised for its outstanding facilities, which are constantly being renewed and refreshed.

Robustly serving Colchester Institute’s 8,000-strong student body is at the heart of many of the Institute’s recent transformations, amongst them a review and refresh of its network infrastructure, including the network design, implementing an Office365 environment and installing new VoIP-quality Wi-Fi.

Colchester Institute aims to be a ‘Lighthouse College’ for the further education sector and to lead the way through its transformational approach.

The Senior Leadership Team was concerned about the rise in ransomware attacks in education. The National Cyber Security Centre (NCSC, part of GCHQ) issued an alert to education in March 2021, stating:

‘Since late February 2021, an increased number of ransomware attacks have affected education establishments in the UK, including schools, colleges and universities.’

‘In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.’

At that time, in partnership with KHIPU Networks, the IT services team, which is part of the college ILT department, was already actively reviewing how it could improve the institute’s overall cyber security posture. As part of this review, KHIPU introduced the institute to Rubrik.

Breach protection with instant recovery should be a top priority within any organisation’s cyber security strategy. By implementing Rubrik, in the event of a breach, the solution enables customers to:

  • Recover instantly. Return to the most recent clean version with just one click.
  • Safeguard backups. Rubrik’s immutable backups protect against corruption or deletion.
  • Analyse the attack impact. Determine exactly what files and applications were affected using automated data visualisations.
  • Detect backup anomalies. Perform file system and content behaviour analysis with ML-based detection.

As a long-term Veeam customer, the institute needed a full review so that it could make an informed decision to move away from its current investment.

The review concluded with Rubrik being the choice for the institute due to its overall protection and recovery from cyber breaches, coupled with its ease of deployment and management. The institute invested in Rubrik “R6404” appliances replicated between their sites. Ben Williams, IT Services Manager, stated:

“KHIPU and Rubrik made it really easy to evaluate the solution. We really liked the technology and the driving factor for us was the Ransomware protection. The immutable storage was also a key part of our decision to go with Rubrik. The current solution did not support this at the time”.

“We were also impressed with the appliances. Rubrik came as a unit, so we did not need separate virtual or hardware units. We went from 15 servers (11 virtual and 4 hardware) to 2 x hardware appliances. This gave us a big admin reduction and simplified our systems”.

The IT services team’s forward-thinking approach to cyber security transformation and innovation served them very well following a very serious and malicious ransomware attack that struck the institute.

A typical ransomware attack encrypts data and requests a ransom (often in bitcoin) to release the data. However, the attack that hit the institute was extremely sophisticated and malicious, with hackers attacking and destroying mission-critical areas of the server infrastructure by deleting email servers, domain controllers and anti-virus consoles, as well as encrypting the virtual server environment. Critical systems were compromised, which made it very difficult to carry out business as usual (BAU) tasks, and communications for staff and students were affected.

The first sign of this ransomware attack was when the IT services team tried to log in one Monday morning and discovered that all the administration accounts had been disabled by the hackers.

One of the servers displayed a ransomware note, detailing how the IT services team could fix the servers, along with email and website contact details of the offending hackers. The institute immediately informed their senior management teams, as part of its incident response process.

“As soon as we were aware of the breach, we contacted KHIPU immediately and with their and Rubrik’s expert teams, we saved the day from a backup and restore perspective including finance, student records and admissions”.

Thankfully, the institute had a cyber insurance policy in place, as well as 3rd party cyber security partners, who assisted with a rapid and successful recovery. This coupled with extremely good relationships with their suppliers meant a much speedier and more successful recovery.

One of the distinguishing factors of Rubrik’s Backup and Recovery solution is that the system is not domain-joined, so the attackers did not know such defences were in place. Rubrik simplified the backup and recovery process by allowing the institute to recover data no matter where it lives. This is all done by consolidating disparate hardware and software components into a single management plane.

The institute was able to keep the lights on and continue to deliver a robust service to their students and staff. Their decision in March 2021 to move away from one platform to another was the best decision Colchester Institute could have made following a real-life cyber-attack.

In conclusion, this is a perfect example of an organisation working in partnership with a strategic cyber security partner and technology vendor to deliver a mutually advantageous long term security solution.

“In the interim we relied heavily on Zoom and tools like Google Classroom, Gmail and Moodle. But thanks to Rubrik and KHIPU Networks, we were able to restore our operations rapidly with as little disruption as possible.”

Colchester Institute is now very secure against ransomware, and they attribute that not just to the right solution at the right time, but also to the effectiveness and timeliness of the support from Rubrik engineers and the dedicated team at KHIPU Networks.

“Everyone stepped up to support us. The human touch coupled with the technology and the various suppliers’ approaches to helping us created a winning scenario and made a huge difference to the speed and quality of recovery. We made a significant investment in March 2021, and we have seen the ROI on that investment already. Data is everything. It must be protected and Rubrik did the job”, concluded Ben.

  • 'As soon as we were aware of the breach, we contacted KHIPU immediately and with their and Rubrik’s expert teams, we saved the day from a backup and restore perspective protecting our critical platforms including finance, HR, student records and admissions.'

  • ‘The main lesson we learnt is that the remediation and response to a ransomware attack of this kind needs to focus on recovery and Rubrik’s solution in this area is second to none. It is vital to be able to get operational again quickly’.

  • ‘With ransomware on the rise and the prevalence of the attacks in education, we simply could not have recovered as fast or as well without Rubrik and the support of the team at KHIPU Networks. We invite other educational institutions concerned about ransomware attacks to get in touch. We are really happy to share our experiences and our advice.’
