Ransomware

Steven Cesare, Ph.D.

A business owner from Illinois called me the other day to share a horrible story that affected his company, though it began in a very innocuous way. Like any other normal Monday, the owner went to his office to begin his workweek.

One small problem: None of his IT infrastructure was working.

One big problem: All of his IT infrastructure was being held for ransomware by a hacker.

He called me immediately. Reflexively, I asked the owner if his company had Employment Practices Liability Insurance (EPLI) coverage, especially the Cyber Security package. Presciently, the owner had purchased $250,000 of Cyber Security protection as part of his recent EPLI renewal process. Relieved, I directed him to call his EPLI adjuster and follow their claim process.

Next, the most pressing issue was to maintain the company payroll process. Fortunately, the company had sent an employee payroll file to their external accountant six months previously. That file had to be updated manually to meet weekly payroll that was due in three days.

Beyond payroll, the communication plan ensued. Employees were informed to not use their company cell phones; customers, vendors, partners, were immediately contacted and informed of the circumstances, with precise security precautions to take.

Fast forward three weeks in time.

With the passage of time, the owner updated me with key facts along this torturous path:

The hacker took control over the entire IT infrastructure. All computers, printers, tablets, servers, web site, WI-FI, were completely disabled. Absolutely no access points.
By derivation, the company had no access to customer, operations, employee, or accounting files. Absolutely no access.
The hacker demanded $200,000 in cryptocurrency (explain that on your P&L bottom line!) be uploaded to a cloud account before any file access would be restored.
Oh, by the way, the company completed an arduous process of going entirely paperless just a few short weeks prior to the hacking event (i.e., there were no backup paper files available).

Aside from those particulars the EPLI process went as follows:

The EPLI firm hired a cyber security attorney to manage all deliberations.
The EPLI firm hired a Ransomware negotiator (Yes, that’s a real job nowadays) to deal directly with the hacker.
The EPLI firm deployed 5 remote IT contractors at $100/hour each to scour every aspect of the company’s IT infrastructure for 12 hours a day for over two weeks, to identify and eliminate any remnant ransomware capable of crashing the IT system again.
Ultimately, the process was remedied, with all access and files being restored, with $45,000 of ransom being paid.
The entire “out of pocket” cost of the event to the company was “more than $100,000.”

The business owner told me it was the single worst experience he endured in over 10 years of operations.

Looking forward, the owner was encouraged to: (a) hire an external IT firm to monitor his company’s infrastructure security on a formal schedule, replete with ongoing password revisions and weekly backup procedures; (b) consider using encrypted files and a cloud-based account instead of local data storage; and (c) increase the amount of Cyber coverage on his EPLI policy.

If you have any questions or comments about this topic or anything else related to human resources, simply call me at (760) 685-3800.