 Now I'm going to transition into a fireside chat with Paula Valley the CIO of Yuba County. Hey, Paul. Welcome Thank you So Paul can you tell us a little bit about Yuba County before we we jump into your experience with dealing with ransomware? Yeah, you can use a small County rural County in Northern, California It's it's about 40 miles north of Sacramento the state capital and it's relatively small about 79,000 citizens It's great. Sounds like a good size County to be the CIO of So Paul, obviously you went through a ransomware attack. Can you tell us a little bit about when you were hit and how you discovered the the impact? So we we discovered it first the morning of February 2nd We got a call from our sheriff department about 2 30 a.m Indicated that some of their their services weren't available Upon discovery we realized the initial Indicators of doppelganger ransomware I got it Obviously you have rubric in your environment and I know rubric was part of the recovery process Can you tell us a little bit how we helped you and getting your systems back online? So yeah, we use rubric for backup of all of our server infrastructure both virtual and physical And we did use it as as part of the recovery process Thankfully a hundred percent of what we had backed up. We were able to recover We we use live mounts as part of some of the Virtual server restorations which made things a little quicker too as part of recovery But it at the end of the day it is the one protection you have against ransomware Absolutely. I agree with that. Yeah, so Yeah, obviously you do live mount to get recovery back online. Can you tell us a little bit how long it took to recover? I mean, obviously you probably did critical systems first and then your secondary system second How long it took to get, you know, 50 percent of your environment back 100 percent of your environment back Just a little bit of timeframe for the audience Yeah, so so definitely and there were other things going on too. I'm definitely as part of The ransomware response once you lock things down and are able to recover You're also taking some time to upload forensic evidence for the analysis But once we actually got to the point where things locked down and we could recover Kind of critical systems, especially public safety systems were back within probably a day Then the next group of systems took a few more days or a week to kind of recover And then other systems after that so probably about, you know, 20 percent in a day 40 to 50 percent in a week and then the remainder in the next couple weeks and definitely some of that was not Rubrik holding this up. It was our VMware infrastructure. It was our lack of documentation other things So I think, you know, rubric was never a bottleneck in that process And that's great to hear. We know you were able to recover 100 percent of the data we protected for you So yeah, it's always always great and we hear that all the time from customers. So Obviously, you went through this event, you know, one of the things we want to do at this conference is really help customers, you know, learn from Other experiences. So any lessons that you've taken away that you could share to help prevent, you know, the reoccurrence in your environment or You know, there's something you could take back to their own company and and harness the knowledge that you could share with them Well, I think, um, your first having Well documented complete recovery documentation in places is a good thing to have In our case, we did have a couple critical servers that for whatever Gap in our process. I mean, we're not backed up if we would have had it documented that would have And we'd verified we would have had backups It also would have helped as part of the recovery process the other thing for us is Since ad was used active directory was used as part of the attack Anything organizations can do to tighten their use of active directory, especially for administrative accounts That's an absolute need Anything you can do we we had Endpoint protection in place, but anything you can do to tighten endpoint protection and and then You know, finally, I think the other thing is is understand your cyber liability insurance Well, what what the coverage is and what the process is to to utilize it All great advice paul paul, I want to thank you For joining us today and sharing a little bit of your experience And i'm going to turn it over now to mike tornacosa and mike's going to give you the future where rubik's going