CHAPTER 5Where Were You When the Sirens Went Off?

When it comes to crisis communications, if you always focus on building a relationship with your customers, fans, and followers, you will always find yourself communicating in the right direction.

—Melissa Agnes

Your network has been locked! You need to pay 30 million USD now!

The following was an actual real-life negotiation between a ransomware gang and a $15 billion U.S. victim company that was hit with a $28.75 million ransom demand in January 2021.1

After a few rounds, the victim company counters with $2.25 million, which was met with a scornful response by the ransomware criminals, paraphrased here:

It is very funny to watch a few of your admins trying to install MS Exchange server in 3 days and can't do it. We have encrypted 5,000 of 6,000 of your servers. If we do some very simple calculations, your expenditure is like, let's say $50 per hour, or maybe you are even more generous, $65 per hour, so 24 hours spent to restore one server multiplied by the number of servers encrypted by us, that is like $10 million in just only on labour expenditure.

It is interesting to note how these ransomware gangs have found an effective way to communicate the financial impact of business interruption caused by their cyberattack and demonstrate how their victims will cut their losses by adhering to their demands.

They continued, “But don't forget that you spent all this time on installation and oops you can't even restore any data ...

Get Cyber Mayday and the Day After now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.