A Ransomware Story

Ransomware is a real threat for businesses every day. In 2021, the number of ransomware attacks on businesses big and small grew to over 620 million. In 2022, over 20% of cybercrimes committed were ransomware attacks.

Ransomware is a form of malware. It gets in through shady emails and holes in network security, then blocks your company’s access to some, or all, of its data.

Customer accounts and personally identifiable information are left compromised.

Sensitive company information, too, is held hostage.

Your company is told it has to pay a certain sum of money, or you lose access to your data forever.

Have you considered, though, what this would feel like for a client who comes to your office at the wrong time?

A Ransomware Story—from a Client’s Perspective

A client walks into your business right after lunch. She has a small window of time before she has to be back at her desk, but her account manager called earlier to say she had paperwork ready to sign.

Unbeknownst to her, your company has been hit with a malicious program. In the five minutes before her arrival, all the computers on-site had been scrambled.

The account manager’s first instinct when his client sits down in his office is to explain, apologetically, that he’s having some computer issues. He contacts the IT desk, and the client waits patiently while he’s on the phone. She hears him almost whisper that his screen is blank and that his computer isn’t responding. There’s a long pause as he listens to the head of IT reply, and then he hangs up, excuses himself, and assures the client he’ll be back in a few minutes.

The account manager is back at the IT desk when the ransom message pops up on the IT manager’s screen. This is no standard computer issue. There are attackers demanding money to restore the company’s computers.

The head of IT contacts the company’s president while the account manager walks, hurried but stunned, back to his office. He greets the client and explains that the computer issues will not be sorted out immediately, but he can go over the basic terms of the client’s paperwork with pen and paper to at least tell her what had been arranged. He jots down ideas and explains the terms of the agreement they had been discussing in the weeks leading up to today. He continually apologizes that they won’t be able to sign the paperwork today after she made all that effort to come in.

Back at the IT desk, the company’s president had been called. She was on vacation, but she had received a cautious text message earlier saying that the office was having “system outages,” so when a direct call came in minutes later, she chose to pick up. It was apparent then that this was more than a system outage. The president rushed her family off to the next activity and then whisked back to her hotel room to start making calls.

A few minutes later, the client was walking to the door with her account manager. She felt confused and concerned about next steps. Something felt off. She never did contact the account manager again to close the deal.

The account manager, for his part, never did reach out to tell the client what happened. The company ended up paying the ransom, and they never made a public statement. That kind of alarm from every other client was the last thing they needed.

Risk and Reward of Ransomware

Cybercriminals face low risks in ransomware attacks, but the rewards can amount to tens or hundreds of thousands of dollars per business targeted.

Ransomware attackers also employ carefully crafted attack patterns that take the greatest advantage of small and medium businesses, whose security response capabilities are minimal.

Ask yourself today: how prepared is your company for a disaster, including ransomware?