Printing house halted by cyberattack

On paper, we have frameworks for every stage of a cyber incident. In the real world, those plans often fall apart at the first point of pressure. Listening to the people who have lived through these moments is the only way to understand what resilience actually looks like, and how we can strengthen it.
— Sven Herpig, Lead for Cybersecurity Policy and Resilience, Interface

The Chairman of the Board at Jelgavas tipogrāfija, a European printing house, recalled the morning in June 2025 when a ransomware attack upended the company.

The first sign came on paper.

“It was a regular Monday morning. I was driving my usual 35 minutes to work, already switching my mind into planning mode. Everything felt wrapped in that quite mundane calm of early summer. 

Halfway to the office, I received a call from a colleague. He came across as uncertain, explaining he needed to print an invoice and deliver some book orders, but there was a problem with the computers. The order was for one of our long-standing partners, so we decided to handle it the old-fashioned way: write the invoice by hand, deliver the books, and fix the paperwork later. At that moment, it felt like a small inconvenience. 

I read a WhatsApp message from our IT team. A single sentence: ‘Unfortunately, we are facing a very serious problem and it’s going to take a long time to fix.’ That’s when I realized this was going to be something bigger than a random technical glitch.

I pulled into a gas station and wrote in our internal chat that a virus had hit our network, and that IT was working. I was hopeful everything would be fixed by the evening but still bought a few bottles of water. I had a feeling it might be a long day.

The reality hit me when I arrived. The same message was displayed over and over again on all 26 printers. In the administrator’s office, the team looked distraught. They were trying to make sense of what had happened. By lunchtime, we understood the scale: nothing in the printing house was working. Emails, the company’s core business processing software, printing systems, phones and even accounting—everything was down. We were left with mobile phones and a few computers.

Reflecting on this incident: Were we ready? Definitely not. But we acted. We did everything we could. It was not easy. We acted under stress, with incomplete information, and with the realization that this crisis would not be over quickly.

Recovery took longer than we ever imagined. Accounting came back in two days. Email in a week. Printing in two weeks. Business processing software: months. Five months later, we were more or less back on our feet. 

What was our resilience lesson? No one had stolen our skills. No one could encrypt our craftsmanship. And no one had erased our love for what we do.” 

Māris, Latvia

The cybersecurity expert brought in to respond to the incident described the situation when he first got involved:

“When I stepped in, the first question was the scope: what systems and data can we trust, and which ones only appear untouched but may be compromised? In a crisis like this, a certain paranoia sets in. You start suspecting every system and every machine.

Then came some hard choices: shut down completely or keep running. It is a security versus business operation dilemma. For a manufacturing company, the decision to shut down is hard because its business depends on continuous physical production. 

Stress in these situations makes everything harder. When people get tired, they make mistakes. What helped was that the company established deep trust with its clients and partners over many years. When the crisis hit, those clients didn't run away; they stayed supportive. Internally, the culture held strong. Employees adapted and worked extra hours. A crisis team of internal and external experts needed to be coordinated under pressure. 

Containment of the damage is only the beginning. Eradication effectively means trusting nothing, cleaning without compromise, sometimes rebuilding from scratch instead of patching. Even when you get the data back, you are not safe yet—attackers may still be inside your systems. 

Recovery is a race between speed and safety, and every decision helps someone and frustrates someone else. While the business wants to move fast, security needs time.

What impressed me was that they refused to take shortcuts. They used the crisis to change what had failed and rebuilt with security in mind. By accepting that cybersecurity is an ongoing process rather than a one-time fix, the recovery ultimately made the company more resilient than it was before the attack.”

Pauls, Latvia
