By Clare O’Gara
Wed | Mar 11, 2020 | 10:15 AM PDT

We all know that ransomware attacks are bad for any organization.

They're costly, they put customers at risk, and they can damage your reputation.

But there's also a factor in ransomware attacks that gets less attention: the impact on employees.

How does ransomware affect employees?

When Evraz, a steel manufacturer, experienced a ransomware attack early this year, the event "impacted operations in all of Evraz North America."

Although no personal information from employees or customers was accessed during the attack, it still hit employees in the pocketbook.

One example is what happened to employees at the Evraz steel plant in Regina, Saskatchewan, Canada.

According to the United Steel Workers Union:

"Today the Union was informed that the Steel Division shutdown that was scheduled to begin at the end of March has now been started today because of the Cyber attack of Evraz on March 5, 2020."

The company issued a temporary layoff for everyone in the Steel Division.

The impact also hit employees in the Pipe Fitter Division:

"As of today the Company plans to lay everyone off starting March 12 18:00 for two weeks until they can resolve the issues surrounding the Cyber attack."

That's a lot of time off for a ransomware attack, and it will feel longer for anyone trying to support themselves and their family.

A growing trend: losing your job after a ransomware attack

It turns out that losing work and pay to a ransomware attack is a growing trend, and sometimes the impact is worse than a temporary layoff.

Ransomware attacks can be devastating to dentists and medical clinics.

SecureWorld covered the story in October, explaining the three options that doctors are usually given in the event of a ransomware incident:

  1. Lose all patient information. Can you imagine your medical history, suddenly gone? Can you imagine being a doctor trying to care for patients when their medical data is unreachable?
  2. Pay the hacker a ransom for keys that will hopefully unlock the medical records. The FBI says it's about a 50-50 scenario here. Sometimes you pay the hacker and the digital keys they give you work, and sometimes the decryption keys they give you do not work.
  3. Throw in the keys. As in quit, or retire early.

In the face of these choices, some are making the difficult decision to shut down operations, permanently. Wood Ranch Medical in Southern California chose that option:

"Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records. We will be closing our practice and ceasing operations on December 17, 2019...."

The age-old question: to pay or not to pay?

Because of the serious nature of ransomware consequences, a growing number of companies are paying hackers.

SecureWorld covered this rise in payments earlier this year. More than half of ransomware victims now opt to pay the ransom.

But what are they getting?

Proofpoint uncovered the truth of the matter.

Researchers found that nearly 70% of organizations successfully got their data back following a ransomware payment—the decryption keys worked.

But that's where the story grows dark. Look at what happened to the other 30% of those who paid a ransom.

  • 22% paid the ransom and never got access to their data.
  • 10% paid the ransom and then hackers demanded a second ransom from their organization.
      • Some organizations paid the secondary ransom demand and generally gained access to their data.
      • Most organizations in this position walked away with nothing at this point, refusing to pay a secondary ransom.

This data reveals that negotiating with cyber criminals is like a roll of the dice.
