How a Dallas Construction Firm Recovered From Ransomware and Built IT That Scales

A multifamily construction and investment management company in Dallas called us in 2019 because their MSP had been hit by ransomware. The MSP hosted their server infrastructure in a shared datacenter, and when the attack hit, every customer on that platform went down at once. The construction firm’s CEO told us on the first phone call: he hadn’t been able to send or receive email in seven days. His MSP was so overwhelmed managing their own crisis across dozens of affected customers that they couldn’t even address a problem that took us minutes to fix.

That call started a partnership that’s now in its seventh year. What began as emergency ransomware recovery turned into a full managed IT relationship spanning nine states, covering everything from SOC operations and cloud infrastructure to AI consulting and construction site networking.

Seven Days Without Email Is a Business Emergency

When the MSP’s datacenter was compromised, the ransomware encrypted production systems and backups together. The backups were “in-line,” stored on the same infrastructure as the production environment with no replication to an offsite or cloud target. There were no immutable snapshots. No secondary copies in Azure or AWS. When production went down, the backups went with it.

The MSP was dealing with demands from every customer on their platform simultaneously. They couldn’t triage effectively, and a problem that should have been resolved in the first hour sat untouched for a full week.

The email fix was straightforward. If the construction company still controlled their domain registrar account, we could migrate their email to Microsoft 365 and have them sending and receiving again within the hour. They had access to their GoDaddy account, so we pointed their MX records to Microsoft 365 and had the company back on email by 3 PM that same day. Historical email from the compromised Exchange server was still locked behind the ransomware event, but the business was communicating again.

That’s the difference between an MSP in crisis mode and one thinking clearly about the customer’s actual needs. The MSP was focused on their own ransomware recovery across their entire customer base. We were focused on getting one company back to work.

Building Recovery Infrastructure From Scratch

With email restored, the next priority was assessing whether the old MSP could recover the company’s data and standing up new infrastructure in parallel.

We began provisioning new server instances at the RagingWire datacenter facility in North Dallas, now operated by NTT Data. The facility holds SOC 2 Type II, ISO 27001, PCI DSS, and HIPAA compliance certifications, with redundant power, cooling, and network connectivity. It’s the kind of facility where you build infrastructure you don’t want to rebuild.

The new environment was designed with a backup architecture that eliminates the single point of failure that caused the original disaster:

• Primary immutable backups at the datacenter, stored on infrastructure separated from production with immutability policies preventing modification or deletion
• Secondary replication into Azure with daily snapshots, providing a geographically separate recovery point
• Air-gapped retention policies ensuring that even a compromised administrator account cannot delete backup history

Good planning means not paying ransoms and keeping business disruption to a minimum. The 3-2-1 backup rule exists for exactly this scenario: three copies of data, on two different media types, with one copy offsite. The original MSP violated every part of that framework.

Advocating for the Customer During Recovery

While we built the new environment, we also engaged directly with the compromised MSP to recover the company’s existing data.

MSPs in the middle of their own ransomware incident don’t always prioritize individual customer recovery. They’re managing legal exposure, insurance claims, and infrastructure triage for their entire customer base. Our role was to act as the customer’s advocate: making the old MSP understand that we knew the recovery process, that delays would be documented, and that the client’s interests came first.

After 72 hours of coordinated recovery work, we had roughly 90% of the company’s systems restored and operational. The remaining 10% was the historical Microsoft Exchange data the old MSP had been hosting on-premises. Recovering that data took several additional months of work with the compromised provider. Even in 2019, hosting Exchange on-premises for a company this size was difficult to justify when Microsoft 365 had been available and proven for years. That migration should have happened long before the ransomware forced it.

From Crisis Response to Full Managed IT Partnership

What started as a ransomware emergency became a long-term partnership because the construction company saw what responsive, well-architected IT actually looks like compared to what they’d been getting.

Today, this Dallas-based construction and investment management firm consumes the full range of Infonaligy’s managed IT services:

• Managed firewalls protecting every office and site
• IT service desk handling day-to-day support across all locations
• Cloud infrastructure management in Azure with the datacenter environment
• Security operations including EDR, MDR, and SOC monitoring
• Managed backup with the immutable, multi-tier architecture we built during recovery
• Managed print services across offices
• Technology vendor management and hardware standards and fulfillment

The company also has offices across nine states. Infonaligy supports every location, not just the Dallas headquarters. For businesses with distributed operations, having a single IT partner who can manage the full footprint eliminates the complexity of coordinating multiple regional providers.

Solving Connectivity on Active Construction Sites

Construction companies face a networking challenge that most industries don’t: their job sites are on undeveloped land with no existing internet infrastructure. At the start of a major project, you’re working from a trailer on a dirt lot. The permanent fiber or cable installation won’t happen for months.

We engineered a solution using Starlink satellite internet and Ubiquiti UniFi networking equipment to provide site-wide connectivity at every active construction location. Project managers, superintendents, and subcontractors can access project management software, pull up blueprints, and communicate with the home office from day one, not after the site has permanent utilities.

For companies running construction projects across multiple markets, this connectivity gap is a real operational bottleneck. Solving it means crews are productive from the first day on site rather than working around limited mobile hotspots for weeks.

Expanding Into AI Consulting

The relationship has continued to evolve. The same company that called us in a ransomware emergency is now working with Infonaligy on AI consulting projects focused on project management workflows and financial deck preparation for investors.

When your IT partner already understands your infrastructure, your security posture, your data, and your business operations, adding AI capabilities is a natural extension. We’re helping them identify where AI tools can accelerate work they’re already doing, particularly in areas like investor reporting, project cost tracking, and document generation where the data already exists in their systems.

This progression from break-fix emergency to strategic IT advisory is exactly what a managed IT relationship should look like. You’re not calling for help when something breaks. You’re working with a partner who understands your business well enough to bring opportunities to the table before you ask.

What This Means for Dallas-Area Businesses

This story follows a pattern we see regularly with businesses across the Dallas-Fort Worth metro. A company outgrows their current MSP or discovers during a crisis that their provider can’t deliver when it counts. The transition to Infonaligy starts with solving the immediate problem, then evolves into a partnership that handles everything from daily help desk tickets to long-term technology strategy.

If your current provider’s backup architecture hasn’t been independently validated, if you’re not sure whether your backups would survive a ransomware attack on your MSP’s own infrastructure, that’s worth a conversation. The company in this story lost seven days of productivity before they found out their MSP’s backup strategy had a fatal flaw. You can find out before it costs you.