Ransomware Meets Genealogy

The NY Times ran a piece about Ransomware a few weeks ago, laying out what it is, how prevalent it is, and how those affected have been dealing with it. Everything changes when you find yourself to be a part of the story. That’s where we found ourselves when we woke up on February 2nd, and it’s not a Groundhog Day we would want to repeat.

What happened? Some person or persons found a way onto our network, planted a program that waited until a time when no one would be working (early Sunday morning), and then encrypted all of the files on every computer, leaving behind a ransom note. It’s the cyber version of a kidnapping.

I’m writing this piece for two reasons. The first is to reassure you that your orders and anything else we keep on record were not affected. Unlike identity theft, the attackers set out to keep our data locked up and held hostage. The second reason for writing is to invite your support, however that looks, in addressing Ransomware as a growing threat. If Ransomware can be used against a small specialty publisher, it can be used against anyone.

Why has it taken us a month to recover? This actor had another surprise in store for us. They found the program we used to back up our system and managed to decipher the code to access our backups with the cloud provider and delete all of them.

So how did we proceed? We have been working with a company that specializes in these matters. They contacted the “threat actor” and negotiated on our behalf. Yes, that means we paid the ransom. While that goes against all that is just and right, it is simply the only way to recover from the attack. Did we pursue other alternatives? Of course we did. What we were told is that the particular encryption was new and had not been broken by any of the people who work in this arena. We did submit a report to the FBI. I’m still waiting for even a confirmation from them. It leaves me wondering why they are not doing more, a lot more, to protect us.

In the last week, we finally restored almost all of our key systems. We are a month behind in sending invoices, but the orders are going out. We’ve had to contact a number of providers by phone in order to keep basics like cell phone service working. Fortunately we’ve gotten a lot of support from our suppliers and our authors.

What’s been the impact on our customers? We had to tell everyone who placed an order that we could not ship. We reached out to dealers by phone, and sent emails to our web customers. We’ve also taken steps to thank customers and ask for their patience and understanding. This is not something we want to be dealing with again, and we’re implementing more ways to protect our systems.

To all of you, and in particular to those who responded with support, we say thanks.

Barry Chodak