Has Your Company Ever Been Held For Ransom?

By Rob Wright, Chief Editor, Life Science Leader
Follow Me On Twitter @RfwrightLSL

Imagine showing up at your office on a bright summer morning only to be greeted by the following note written on a whiteboard posted in the lobby, “All network services are down. DO NOT turn on your computers! Please remove all laptops from docking stations & keep turned off — no exceptions.” You soon learn that your company is the victim of a cyberattack, and its network is being held hostage by ransomware, malicious software that blocks access to files and data until a ransom is paid. Not only will you not be able to finish the project you have been working on for the past day/week/ month/year (not today anyway), but you may have to rebuild all of the painstakingly created documents for the project — from scratch. Have you ever experienced such a ransomware nightmare? The person interviewed for this month’s cover feature has.

Sanat Chattopadhyay is the president of the Merck Manufacturing Division (MMD) and an EVP on the company’s executive committee. During the writing of this article, on Tuesday, June 27, 2017, according to an article appearing in the Washington Post, his company was among dozens of businesses affected by a sprawling cyberattack. I was a bit unplugged from the daily news as I was deep in the process of finishing up the article and only became aware when another Merck executive called (regarding a completely different project) to inform me that we would need to reschedule our planned phone call as a result of the attack. I suddenly understood why my recent emails to Merck about the Chattopadhyay article had gone unanswered. So I picked up the phone and called Charlie McCurdy, director of global communications for MMD, to make sure we were still on track for completing this month’s feature. And while I was relieved to be told “yes,” I was even more pleased to learn, albeit briefly, how quickly the 60,000 member organization had rallied to address their current challenge. Because patients in need don’t want to hear that their life-sustaining medicine can’t be delivered just because you can’t send an email. And while cyberattacks are serious, I am confident, given the company’s 125-year history of delivering medications around the globe during stock market crashes, wars, natural disasters, and the like, that Merck will successfully overcome this as well. But will Merck and other companies pay the ransom? If so, what guarantee do they have that, once paid, the extortionists won’t keep coming back for more? Is it worth it?

I have often pondered such questions when reading of Somalian pirates, who from 2005 through 2013, netted $400 million in ransom payments for 179 vessels hijacked off the coast of Somalia and the Horn of Africa. But this is chump change in comparison to the costs associated with ransomware. According to a May 2017 Newsweek article, not only is ransomware on the rise (i.e., mobile ransomware has risen by over 250 percent during the first few months of 2017), but Cybersecurity Ventures predicts the damage caused by various cyberattacks, beyond just the payment of ransoms, will exceed $5 billion in 2017 alone!

If your company has ever had a cyber/ransomware attack, email me and tell us about the headaches that were caused and the solutions you enacted to save your productivity.