Stellar Exchange Toolkit Restores the Mailboxes of 300 Users from a Hacked and Encrypted Exchange Server
TLT Networks Inc. is a network consulting and security services provider, based in London, Ontario. It utilizes industry-leading technology to design, build, and support IT environments.
A client of TLT Networks, having more than 300 employees, faced a hacking attack on its Exchange Server. The attack encrypted the Exchange database, leading to the loss of mailbox data and email connectivity. The client organization needed to restore the email history and user mailboxes comprising critical business emails and restore the email connectivity in minimal time.
In this case, a key challenge was the time required to “manually” restore the encrypted database and mailboxes of the hacked Exchange Server. Also, the AD backup had been corrupted, leaving no option to restore the database and emails by using Microsoft Exchange tools.
The following sections summarize the key challenges:
- Restore the email connectivity in minimal time:
To mitigate the issue, the team at TLT Networks Inc. did a clean Windows/Exchange setup to establish the email flow quickly.
- Export data from offline Exchange database:
The attack had destroyed the critical Exchange Server component and encrypted most of the data. Further, it had corrupted the Active Directory (AD) backup, and there was no other backup available. Thus, it was not possible to export data from the offline Exchange database.
Due to data encryption, restoring the emails and mailboxes of the hacked Exchange server was challenging. However, the offline EDB files were not encrypted. Thus, it was possible to extract the mailboxes from the offline EDB files; however, restoring the server and mailboxes this way could have taken considerable time.
The following were the critical business needs:
- Recover mailbox data from hacked and encrypted Exchange Server
- Restore user emails and mailboxes to resume email connectivity
Mailbox Recovery Attempts
The TLT Networks team attempted to mitigate the issue by setting up a clean Windows Server and Exchange to restore the database from the hacked server and resume the email flow. They tried attaching the Exchange DB on the new server. However, due to urgency, they decided that Stellar Toolkit for Exchange was a better way to proceed.
While attempting to recover the database, the TLT Networks team came across Stellar Toolkit for Exchange, a software suite that recovers user data from the offline Exchange server. The tool can scan an offline Exchange database and recover user mailbox data without AD or any unique setup or permissions, and extract the mailboxes in PST file format.
The TLT team downloaded the demo version of Stellar Toolkit for Exchange and tried it for scanning an Exchange 2013 offline database and recovering user mailbox data. The software could recover user mailbox data and preview the mailboxes and their contents, including email body text, attachments, contacts, calendar, etc. It was also able to locate the deleted and lost mailbox items in the offline EDB files.
After verifying the mailbox data, the team decided to activate the software and export data from the offline Exchange database.
The tool was able to repair and restore the email history and mailboxes, with a few hiccups and freezing issues during mailbox export. These occurred due to disk I/O or when the software is used on a system that meets only the minimum system requirements. However, the Stellar technical support team quickly resolved these issues.
The toolkit recovered the required mailboxes and emails of the users and restored them on the new server with a simple import method. It helped the TLT Networks team to recover emails and other mailbox data, as required by the client organization.
Stellar Toolkit for Exchange helped TLT Networks Inc. to resolve a complex and challenging task of restoring the emails and mailboxes of a hacked Exchange Server with minimal effort and time. The toolkit helped restore the users’ mailboxes with complete integrity, which was verified using the Preview feature.