Imagine your average weekday morning—let’s say it’s a Tuesday. You walk into your office, yawning and nearly dropping your coffee as you remove your bag. When you sit down at your desk, you notice something feels off. In fact, it feels really weird.
You walk to the corner, look down the hall, and notice that IT’s corner of the second floor is empty. The lights are off, and every single computer in the IT security, development, and help-desk sections of the office is powered down. Usually, the whole technology crowd is all here before you—but not today.
You feel tense without your friendly office tech buffers—I mean, buddies. You can hear Steve and Hadija from accounting talking nervously a few cubicles away about the tech crew’s absence and what it means for the company. As you set a mental reminder to carefully type in your password to avoid getting locked out of your account, you wonder what could go wrong in the next eight hours. Before this day is over, you’ll wish you never asked.
Oops—worst day ever
After typing in your password, you’re immediately hit with a strange, black-box square in the middle of your desktop that takes up the whole screen: “Oops. Your important files have been encrypted with the WannaCry virus.”
As you scan through the message, you realize you’re not going to be getting much done. Not anytime soon, at least. The message explains that your files have been locked and your data will remain encrypted until you send $300 in bitcoins to an email address. Well, shoot. You definitely don’t have a company bitcoin credit card, if such a thing exists, which leaves you with exactly one option. You rush to your manager’s office to explain that a money-hungry black box has taken over your computer.
On the way to your manager’s office, you notice you’re not the only one who’s been hit by an expensive demand for bitcoins in exchange for decryption. Before long, you and your coffee are in a conference room so crowded it’s standing-room-only, where it’s clear that everyone in the entire company is locked out of their apps and spreadsheets.
Your desperate manager begins tasking the team with duties that aren’t anywhere near a part of your job description. Your task for the next few hours is to park yourself near the second-floor elevator and inform anyone who’s coming in late for the day to avoid powering up their computer and finding their files locked. Ursula and Saheed, the team socialites, begin sending emails and texts to your coworkers who telecommute to explain that all meetings are officially canceled.
You nervously pace back and forth near the elevators as coworkers slowly trickle in. Apparently, your printers are down, too, but that’s a good thing. Your IT team installed those fancy new self-healing printers that shut down to protect against these types of security incidents. At least that’s one endpoint you don’t have to worry about. While your emergency job duties are far from ideal, you feel a lot worse for your colleagues tasked with answering the phones and explaining to customers that you can’t actually access their accounts—and yes, you realize your app is down, because it would appear that your servers are all locked up, too.
There’s nothing worse than a workday with nothing to do. You hear whispers that your CEO’s called in the crisis team from the PR agency to develop a message for your customers and the press. This is pretty serious stuff, indeed. The tension is palpable as you sit at the conference table with literally nothing to do but wait and wonder if you’re even going to have a job in a few days—with 5,000 employees worldwide, the price tag attached to regaining access to your data is steep.
IT security to the rescue
Finally, the best-case scenario occurs. The IT team arrives on site, explaining that they’ve been away doing an unrelated training exercise—completely unaware that the business has fallen prey to a ransomware attack. Luckily, your IT heroes have a secure backup of all your company’s data that can immediately restore your locked computers to their initial state.
It isn’t long before your company’s crisis is officially over—and you’re now sitting down at your computer at 2 p.m. to start the workday you believed would start rolling along at 8 a.m. In the days to come, you learn that the infection was traced back to Steve in accounting’s decision to start Tuesday’s workday at 8 a.m. sharp by clicking on a link in a phishing email.
There’s nothing worse than the ransomware-disaster-that-almost-was to make you appreciate how hard the IT team works to adopt secure measures and technology, like self-healing printers, and perform work that is rarely noticed, like secure off-site backups your hacker attackers couldn’t touch.
In the post-WannaCry and Petya era, threats of a virus that could both completely lock and jeopardize your data, spreading silently through your company’s network, are all too real. Whether you’re just a technology user or an IT hero, preparing for these worst-case scenarios isn’t prepper behavior. It’s downright pragmatic.