In 2015 Jon Aronson, the founder of AJ Global Cyber Security Consulting, LLC was conducting a final consulting summary for one of his clients; (let’s call him Ben) a small manufacturing firm in Idaho. During the exit summary session Jon stated to Ben a need for a Cyber Liability Insurance Policy as part of the company’s risk mitigation practices. Ben asked for a recommendation of an insurance carrier and policy parameters but unfortunately, after searching and reviewing several policies Jon didn’t have a trusted recommendation and left it to Ben to pursue.

Ben never followed up to secure a policy.

Fast forward two years to 5 am on the Tuesday after Labor Day 2017. Jon’s phone rang and it was Ben. “Jon, I came into my plant this morning at 3 AM after shutting down for an extended Labor Day weekend and I have a problem. A Big One! I’m unable to turn on my equipment, I can’t start 15 computer workstations, I can’t access any of my bank information, I can’t access my client list, or my materials list and I have no idea who is coming in to work this morning. I do have one e-mail I can open; it’s in broken Russian to English demanding that I pay $50,000.00 U.S. Dollars in Bitcoin by Thursday at 5 PM Mountain Time or they will start smearing my company’s reputation starting with my largest client. (they named the client which was 85% of his gross annual business)

Jon’s response, “How much money can you get your hands on?” Ben’s response, “I can get approximately $35,000.00 but it will drain my daughter’s college fund.”

Jon’s response was “Get as much as you can, I’ll call a friend at the FBI to report the Extortion and get you access to a Bitcoin account. Then we can respond to the Cyber Criminals using the e-mail they sent you and let them know you are working on arrangements. I’ll come to your office as soon as I can.’” Jon ended the call with ben and got in touch with his FBI contact, Tom. Jon shared the details of Ben’s 5 am call. Tom immediately rattled off several action items, “call the FBI Office in Salt Lake, speak to Martin, tell him the facts, he will reach out to the Idaho State Police, they will assist in the coordination of info etc.… As all this was happening Jon was beginning to feel that there was going to be official help from the Federal and State Law enforcement. Then “Time Seemed to Stand Still” when Tom asked, “how much is the ransom?” Very boldly Jon stated “$50,000.00”!

The next words left Jon defeated as Tom simply said “Oh that’s not very much. Just pay it. The Ransome is only $50,000.00, it’s way too small an amount to for the FBI or any other Law Enforcement to get in volved. Tom then went on to clearly say that “There is Nothing the FBI can do to help…. This happens all the time to small businesses. Try to negotiate a ransom reduction and ask for proof that they can and will release the restoration codes as a sign of good faith as you send ransom payments”.

Jon  thanked Tom for the information, then secured access to a Bitcoin account and arrived at Ben’s office with the news.

For the next three days Jon and Ben negotiated the reduction of ransom down from $50,000.00 to $35,000.00, received proof that the restoration codes would reopen each division of the business after paying the cyber-criminal. On Thursday afternoon the last payment was made, and the final code was provided.

The final code didn’t work.

Jon looked at Ben and suggested we remain calm and that we write a polite/ professional e-mail back to the bad guys and explain that it’s probably our fault, but the final code didn’t work. The two minutes after sending that e-mail felt like hours as the e-mail made its way around the globe to wherever the bad guys were and make its way back with the short and clear response of “Stand By”. Again, minutes felt like hours when the final e-mail was received and a statement of. “Oops, try this one. I made a Typo”. We used the correct code and Ben’s business was freed. His company was back online but his ordeal wasn’t over by any means. Remember his plant had been closed since the Thursday before Labor Day Weekend. Eight days prior. He found himself assuring his employees, customers, suppliers, and vendors that all was going to be ok and more info was going to be provided shortly. Ben actually gave his employees extended paid time off with instructions to return to work on the upcoming Monday.

The event took over 9 months of work and cost Ben over a quarter of a million dollars in addition to the $35,000.00 in ransom to finally recover.

Unfortunately, this is a story that we’re seeing in the news weekly. The local, state and federal law enforcement are overwhelmed with stories like Ben’s.

Fortunately, cyber protection for small businesses has advanced and the cost has been reduced. Please investigate cyber defense for your business, your employees, your clients and their customers.