US Biz Closes Doors After Ransomware Attack

US Biz Closes Doors After Ransomware Attack

A US fundraising firm has been forced to close its doors after more than 60 years in business following a crippling ransomware attack in October.

The Heritage Company, based in Sherwood, Arkansas, let its 300 employees go just before Christmas, according to local reports.

“Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the key just to get our systems back up and running,” explained CEO Sandra Franecke in a December message to employees.

“Since then, IT has been doing everything they can to bring all our systems back up, but they still have quite a long way to go. Also, since then, I have been doing my utmost best to keep our doors open, even going as far as paying your wages from my own money to keep us going until we could recoup what we lost due to the cyber-attack.”

The ransomware took out the firm’s accounting systems and mail center so it had no way of processing and receiving funds and sending statements out, she added.

The firm, which describes itself as “the premiere and most experienced professional tele-fundraiser in the nation,” is still hopeful this is not the end of the road after six decades in business.

“The ONLY option we had at this time was to close the doors completely or suspend our services until we can regroup and reorganize and get our systems running again. Of course, we chose to suspend operations as Heritage is a company that doesn't like to give up,” said Franecke.

The incident is a timely reminder of the impact ransomware can have on small- and medium-sized businesses reliant on mission critical IT systems, but which have fewer resources or know-how to mitigate the risk of cyber-attacks.

“It would be easy to say that it wasn’t ransomware which brought about the apparent demise of The Heritage Company, but instead a lack of secure backups and a resilient disaster recovery plan,” observed security expert Graham Cluley.

Source: Information Security Magazine