Day Zero
Monday morning. The entire accounting team arrives to find their screens displaying the same message:
YOUR FILES HAVE BEEN ENCRYPTED
All your documents, databases, and backups have been locked with military-grade encryption.
To recover your files, pay 15 Bitcoin ($450,000) to the following address within 72 hours.
After 72 hours, the price doubles. After 7 days, your files are deleted forever.
DO NOT contact law enforcement. DO NOT try to decrypt files yourself.
The company's financial records, customer database, project files - all locked. Years of work held hostage.
How It Started
Three weeks earlier, someone in the company opened an email attachment: "Invoice_March.pdf.exe" - a file disguised to look like a PDF. The ransomware quietly spread through the network, mapping out systems and backups before striking simultaneously everywhere.
The Business of Ransomware
Modern ransomware operations are run like businesses:
- Customer service: Live chat to help victims pay the ransom
- Pricing tiers: Different amounts based on company size
- Guarantees: They actually provide decryption keys (usually) - their reputation depends on it
- Double extortion: Stealing data before encrypting, threatening to publish if you don't pay
The Aftermath
Even if you pay:
- Only 65% of data is recovered on average
- Decryption often corrupts some files
- You're marked as someone who pays - expect to be hit again
- Average total cost (ransom + downtime + recovery): $4.5 million
Prevention is Everything
- Be wary of email attachments, especially .exe, .zip, or files with double extensions like .pdf.exe
- Many ransomware attacks exploit known vulnerabilities that patches fix
- Offline backups are your best defense - they can't encrypt what they can't reach
- Early detection can stop ransomware before it spreads
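The attachment advice above can be enforced at a mail gateway rather than left to each reader. The following is an added example, not part of the original page: a filename screen that blocks executables, flags the double-extension disguise used by "Invoice_March.pdf.exe", and holds archives for a content scan. The extension lists, verdict names and sample filenames are assumptions constructed for illustration.

```python
import os

# Assumed policy lists (constructed for this example; tune to your environment).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "msi"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "csv"}
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso"}


def screen_attachment(filename):
    """Return (verdict, reasons) for an attachment name.

    verdict is "block", "quarantine" or "allow" (hypothetical labels).
    """
    # Keep only the file name, ignore case and surrounding whitespace.
    name = os.path.basename(filename.replace("\\", "/")).strip().lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[-1]:
        return ("allow", [])  # no extension to judge

    final = parts[-1]
    previous = parts[-2] if len(parts) >= 3 else ""

    if final in EXECUTABLE_EXTS:
        reasons = ["executable-extension"]
        # A document-like extension right before the real one is the disguise
        # from the story: the reader sees ".pdf", the system runs ".exe".
        if previous in DECOY_EXTS:
            reasons.append("double-extension")
        return ("block", reasons)
    if final in ARCHIVE_EXTS:
        # Archives can carry executables; hold them until contents are scanned.
        return ("quarantine", ["archive-needs-content-scan"])
    return ("allow", [])


# Constructed sample attachment names.
SAMPLES = ["Invoice_March.pdf.exe", "setup.exe", "Backup_2024.zip",
           "report.v2.pdf", "README"]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reasons = screen_attachment(sample)
        print(f"{sample:26} {verdict:10} {', '.join(reasons)}")
```

A name-based screen is only a first filter: a renamed file passes it, so it belongs in front of content scanning, not in place of it.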