Food Company Frozen
On a Sunday, the call came in—the worst possible timing for a ransomware attack to land. By Monday, the scale was clear: hundreds of machines encrypted, backups compromised, and a food processing company bleeding revenue with every passing hour. What followed was a months-long unraveling of a breach that had, in fact, begun three months before anyone noticed.
“ We got a call on a Sunday. A food processing industry partner was under a ransomware attack. Sunday is generally the worst timing. Weekends are a quiet period, with fewer people available to provide support during the incident. Government authorities and assistance channels are on downtime. The company’s operations were already grinding to a halt.
On Monday, we could start proper communication. The scale of the incident became clearer: hundreds of machines across the company’s production network were encrypted. Back-ups were poorly segmented and likely compromised. The financial impact was significant, every lost day was a direct hit to their revenue.
“The financial impact was significant, every lost day was a direct hit to their revenue. “
Our first task was to gather relevant information, to identify which devices were affected and what data was lost. This proved to be extremely difficult. Logs were incomplete or encrypted. Communication with the company went back and forth. Requests for information from us had to be precise. When the returned evidence did not match what we needed, we had to repeat the process entirely. This slowed response.
This entity was considered critical, which meant a higher level of stress for us, more pressure to produce results quickly. As a responder, you gradually become more tired, you overlook more things, and going into the weekend, different colleagues take over and jump into the ongoing communication. That’s never easy. The process of getting back online would stretch into weeks. We identified weak points and potential causes of the incident. Early signs lead to leaked passwords and publicly exposed, vulnerable services.
“The process of getting back online would stretch into weeks.”
We always advise against paying the ransom—there is no guarantee the data will be restored, and the company can end up in even bigger financial loss. The attackers seemed to sense this and leaked data on the dark web, some of which was potentially sensitive.
The full recovery stretched into months, even a year. Later analysis revealed that the company may have been compromised three months earlier. This is not unusual to see, quite the opposite. Following the attack, the company had rebuilt much of its digital infrastructure.
This experience left a lasting impression, also because of the stress the attack sent across the company and across the emergency response team. Sometimes, the most critical lessons come from seeing first-hand how quickly things can spiral, and how much it costs in recovery when they do.”
“The full recovery stretched into months, even a year.”
Kārlis, Latvia