Cohesity and the case for tested ransomware recovery | Softcat
Skip to main content

Login to eCAT

Customer Support
Contact Sales

Cohesity and the case for tested ransomware recovery

The organisations that recover in hours share one trait. They practised before the incident arrived
Softcat PPT Background Diagonal Plum Aubergine Gradient RGB Softcat PPT Background Diagonal Plum Aubergine Gradient RGB

The Softcat News Team

Nearly three-quarters of organisations have suffered at least one material cyberattack. Yet only 6% have reached peak resilience maturity, according to Cohesity’s Global Cyber Resilience Report. The gap between confidence and capability is where the real risk sits.

Backup infrastructure has become a primary target. Only 37% of organisations protect all backup data with immutability. When attackers neutralise your ability to restore, they control your options.

UK organisations face this at scale. The NCSC handled 204 nationally significant cyber incidents between September 2024 and August 2025. That represents a 130% increase year-on-year. The M&S ransomware attack over Easter 2025 suspended online orders for 46 days. The estimated profit impact reached £300 million. Recovery is no longer about restoring files. It is about restoring operations safely, in hours rather than weeks.

Clean rooms, AI orchestration, and identity protection

Cohesity approaches ransomware recovery as a platform problem, not a point product challenge. The Cohesity Clean Room Solution creates an isolated forensic environment for incident response. Your team can investigate, identify compromised data, and restore clean systems without risking reinfection. A pre-assembled Digital Jump Bag stores known-good recovery tools in Cohesity FortKnox or SmartFiles. These remain accessible even when your internal network is fully compromised.

Cohesity RecoveryAgent reached general availability in August 2025, adding AI-powered orchestration to this process. It uses blueprint-driven automation to coordinate threat hunting, vulnerability scanning, malware detection, and compliance validation across a recovery workflow. Blueprints are testable. You rehearse them in isolated environments during peacetime. Recovery becomes a practised, repeatable process rather than a scramble under pressure.

Identity infrastructure matters here too. The M&S attack began with the theft of the NTDS.dit file, giving attackers the credentials to deploy ransomware across VMware hosts. Cohesity Identity Resilience, powered by Semperis, defends and recovers Microsoft Active Directory and Entra ID. It scans for vulnerabilities, automatically rolls back malicious identity changes, and enables malware-free AD forest recovery in hours rather than days.

Cohesity’s platform has earned sustained recognition from industry analysts for its approach to backup, data protection, and cyber recovery. IDC named Cohesity a Leader in its Worldwide Cyber Recovery 2025 MarketScape.

One UK NHS trust used the search functionality to restore a critical file in minutes, saving 24 hours of VM restoration time. In a clinical environment, that speed directly supports patient care.

The recovery gap is widening

Traditional backup assumes a clean restore to a trusted environment. That assumption no longer holds. Attackers now steal data before encrypting. Backup alone addresses only half the problem.

The Co-op and M&S attacks in April 2025 illustrate the gap between preparedness and improvisation. Both faced the same threat group. Co-op detected malicious activity within minutes; the rehearsed response contained the damage. M&S lost £300 million. The difference was tested recovery capability.

Regulatory pressure is catching up. The UK Cyber Security and Resilience Bill will require 24-hour notification for 12 regulators with enhanced enforcement authority. The ICO issued £19.6 million in fines during 2025, a sevenfold increase on 2024. Organisations that cannot demonstrate tested recovery processes face both operational and regulatory risk.

How Softcat helps

We hold Premier Partner status with Cohesity, the highest tier available. Our sales, data centre, and technical teams are fully certified across Cohesity’s backup, cyber resilience, and data insights solutions.

Our approach to cyber resilience treats backup, business continuity, and security as connected disciplines. Gary Hawkins, our Chief Technologist for Cloud and Datacentre, is direct on this point. "Integrating BCDR with cyber resilience is a bare essential in the fight against ransomware."

We help you assess your current recovery posture and design clean-room and cyber-vault architectures using Cohesity FortKnox. We build tested recovery blueprints through RecoveryAgent, so your team is prepared before an incident arrives.

Softcat sits on every major UK public sector framework relevant to data protection. This includes G-Cloud, the NHS SBS Cyber Security Framework across all three lots, and NHS SBS Cloud Solutions.

Building recovery you can trust

Ransomware recovery has moved beyond restoring data from backup. It now means investigating threats in isolation, validating clean recovery points, protecting identity infrastructure, and restoring operations through tested, automated processes. The organisations that recover in hours share one trait. They practised before the incident arrived.

Whether you are reviewing your cyber resilience strategy or stress-testing your recovery plans, Softcat can help. We will assess where you stand and build a practical path forward. Please contact our Sales team.