Snowtime’s chairman Mike Withers re-counts the morning in mid-September when he was told that his entire company’s I.T. system had been hacked by a Russian criminal gang
At home one morning in mid- September I was engaged in a Zoom call on Council business when my mobile phone rang. I could see It was from Sara Murray, Transcon’s managing director. She knew that I had scheduled a Zoom meeting at that time and wouldn’t interrupt me with something trivial. I answered, muting the Zoom.
‘Mike, we have a problem’ she said, unwittingly echoing the famous “Houston we have a problem” to Mission Control from Apollo 13.
‘We have been hacked by a criminal Russian gang, they have encrypted our entire i.t. system rendering it totally inaccessible and are demanding a ransom to release it. Nobody can do any work, we are completely shut down’.
“What! Right, I’ll be there in ten minutes”.
When I got to the office I was met by a completely stunned workforce. It was our peak season, we had a warehouse bulging with Christmas goods and several containers arriving daily. We had no email, no access to our customer’s orders, no accounting information, no knowledge of where the goods were to be delivered and no idea of where in the warehouse products were located. Nothing could be picked or dispatched, even if we knew which customers wanted which goods, and we didn’t. The accounts department didn’t know who had been invoiced for goods already dispatched as we had no creditors or debtors ledgers.
I quickly determined that we would not treat with the criminals, we would not reply to their blackmail. I remembered the old Kipling line “once you pay him the Danegeld you never get rid of the Dane.”
We set about trying to piece things together. Luckily, Sara had always insisted that staff keep hard copies of our orders. Lucy Bool, our finance director, had reports that she’d had printed the previous Friday.
The warehouse staff began to pick and collate orders, but it was very slow as they had to rely on their memories of where a stock item was located. Everything had to be done manually, even delivery notes needed to be handwritten. It reminded me of the early days, 30 years ago, before we could afford computers.
We reported the situation to the National Cyber Security Centre, the government body that deals with cyber crime and informed the police, who were very active as soon as they realised the seriousness of the attack. We also contacted several companies that offer their services in dealing with these matters but they gave us no confidence that they would be able to restore our files.
We took the decision to forget the infected server and start again, sourcing a completely new system.
We asked the staff to work through the weekend and perform a full stock take of all Christmas goods. Garden furniture could be ignored for now since nobody was buying sun-loungers in September.
Once staff had got over the shock everyone set to, determined not to let the criminals ruin our business.
Our I.T. staff sourced a new system and installed it within two days. They had it running in an extremely rudimentary fashion but at least we could print invoices. Every day saw progress but there was much to be done. Sara had to protect the i.t. people from diligent staff, all of whom wanted their modules working on as a priority. “Can it print picking lists yet? delivery notes? statements?” “Can it allocate stock?”. “My customer wants to know when they will be getting their delivery, what shall I tell them?”
As we had been using the old Microsoft system for twenty years, all the admin staff had to learn new procedures. Until one goes through something like this one doesn’t realise how complicated a business we run. Just to construct a functioning costing module has taken weeks of coding. To calculate freight rates from all the different ports, duty rates on myriad items, currency exchange etc. etc. Putting in a new i.t. system would take 12 months in the normal run of events, we did it in a matter of weeks, albeit in a basic form.
As I write this in December and look back on the season (our peak Christmas delivery season is August to October) I am proud of the way in which our staff, after the initial shock, performed miracles to “keep the show on the road”. Our deliveries were on time and our customers were unaware of the problems we faced. As Sara said, “if we can overcome that, we can overcome anything.”
I learned that we are not the only business to be attacked in this way. Many schools, and public bodies have been targeted. One school in our area received a demand of £1,000,000 from the ruthless Russian criminals. This problem will not go away, businesses are under relentless attack. My advice is to make sure systems are as protected as possible and have a contingency plan. You may think you are invulnerable, so did we.
For more information visit: www.snowtime.co.uk
