Case Study
No Mail Server. No Timeline. No Problem: Ransomware Recovery and Microsoft 365 Migration for a Global Security Firm
When ransomware took a global security firm’s hosted mail server offline indefinitely, netMethods recovered what could be recovered and rebuilt the entire email infrastructure on Microsoft 365 — while the original server was still down.
The Situation
Ransomware doesn’t announce itself. For a 500+ person global security firm, it arrived as an attack on the hosted server infrastructure that their entire email operation ran on. The mail server went offline. The provider had no recovery timeline. The firm’s entire workforce was suddenly without email.
For a security firm that size, email isn’t a convenience — it’s the backbone of client communication, internal coordination, contract management, and the operational workflows that keep a global organization functioning. netMethods was brought in with a simple, extraordinarily difficult mandate: get the firm’s people back on email, recover as much historical data as possible, and do it without being able to touch the server that held everything.
The Challenge
• Hosted mail server offline under ransomware attack — no access, no timeline, no guarantee of recovery
• 500+ users across a global organization without email or access to mail history
• No central repository for data recovery — the server was the repository, and it was gone
• PST and OST files on individual computers were the only available source of historical email — scattered and inconsistent
• Business communication had to be restored as quickly as possible while recovery and migration ran simultaneously
The Approach
Immediate Triage & Communication Continuity
The first priority was getting critical teams back on email. netMethods initiated the Microsoft 365 tenant setup and provisioned Exchange Online mailboxes for the organization’s highest-priority users first — executives, client-facing teams, and operational leads — so essential communication could resume while the broader migration ran in parallel.
Email Data Recovery From Local Files
With the mail server inaccessible, the only sources of historical email data were PST and OST files on individual users’ computers — local copies Outlook creates during normal operation. Coverage was inconsistent: some users had large, recent archives; others had minimal data; some had nothing usable. netMethods coordinated a systematic recovery process across the organization — locating PST and OST files, assessing contents, and importing recoverable data into corresponding Exchange Online mailboxes. Every mailbox was treated individually with the goal of recovering as much historical correspondence as possible without delaying the broader migration.
Full Microsoft 365 Deployment
Alongside recovery, netMethods executed the full Microsoft 365 deployment — provisioning all 500+ user accounts, configuring Exchange Online for the firm’s domain, and establishing security and compliance policies appropriate for a global security firm. The entire migration was executed while the original mail server remained offline. There was no clean source environment, no predictable data set, and no fallback. The new environment was built in parallel with the recovery effort, not sequentially.
The Outcome
Within days of engagement, the firm’s critical teams were back on email. Within the full migration window, all 500+ users had active Exchange Online mailboxes with whatever historical data could be recovered from local sources. The Microsoft 365 environment was fully operational while the original hosted mail server was still offline and the provider still had no recovery timeline.
The engagement required a different kind of problem-solving than a planned migration. No clean source environment, no predictable data set, no fallback. What it required was a team that could assess a chaotic situation quickly, prioritize what mattered most, and execute under pressure without waiting for ideal conditions that weren’t coming.
Results at a Glance
• 500+ users migrated to Microsoft 365 Exchange Online
• Email communication restored for critical teams within days of engagement
• Historical email recovered from PST and OST files across user computers
• Full Microsoft 365 tenant deployed and operational while original server remained offline
• Security and compliance policies configured for a global professional services firm
• Zero dependency on the ransomware-affected infrastructure throughout the engagement
A Note on Emergency IT Engagements
Ransomware incidents don’t wait for a convenient moment and they don’t come with a recovery manual. The firms that recover quickly are the ones working with a team that has done this before — that knows how to find data where it shouldn’t have to be found, build infrastructure under pressure, and make decisions without complete information.
If your organization is in the middle of an incident, or wants to ensure you’re never in this position, we’re the right team to call.
About netMethods
netMethods is a managed IT services provider headquartered in Lake Forest, CA, with over 25 years of experience supporting organizations across Orange County and Southern California. We specialize in managed IT, cloud infrastructure, IT security, and practical AI solutions for healthcare, manufacturing, public sector, and professional services organizations.