Cyber criminals particularly like to target SMEs. Weber Hofer Partner AG also fell victim and saw how their company was shut down from one moment to the next.
The architecture firm Weber Hofer Partner AG in Zurich looks just like what you would imagine an architecture firm to be. High, angled corners with countless windows that let light flood into the converted attic floor and open the space, the interior design is modest and timeless. The classic USM sideboards hold countless rows of folders and construction plans pile up on the desks. If you overlook the numerous computers, you would think they still only work with pencil and paper. But that isn’t the case; without computers, nothing here would work, counters Josef Hofer, founder and owner of the company. This has been clear ever since that Friday morning in spring 2019.
As an employee first tried to sign on to her computer that morning, she was denied access. Not really anything out of the ordinary, it happened quite often. So she contacted her IT support unit. A short time later, however, it was clear: The architecture firm had fallen victim to a cyber attack. “I never would have dreamed that we would be the victim of such an attack. We aren’t that interesting,” says Hofer modestly. The architect isn’t alone in his risk perception. “Many companies bank on a false sense of security. They assume that they have nothing to hide and thus aren’t a potential target for an attack. Accordingly, they often go without cyber security,” explains Tobias Ellenberger from Oneconsult AG, a consulting firm specialized in cyber security. This also plays into the hands of the attackers. So-called phishing attacks, which often occur, are generally scattered on a large scale, without having first analyzed the potential victims in detail.
This was also Hofer’s experience, even though he had taken a lot of measures for digital protection. He had a firewall and his anti-virus program was always up to date. Backups were carried out carefully and regularly, and he had even taken out cyber insurance on the advice of his insurance advisor. Despite all this, a so-called ransomware was able to implant itself in his company server and gain access to the internal data. In most cases, this happens when an employee clicks on infected documents – such as email attachments received. “I believe labeling employees as the biggest risk factor is wrong, however. Actually, with the right training and awareness, they can even be the greatest opportunity to prevent such events,” adds the expert convinced.
“Documents, the archive, email, everything was gone”
Shortly after detection and analysis by the IT company, it was clear that the intruders had already encrypted all the data. “Everything was gone, the documents for our pending projects, the archive, and emails,” Hofer continues. They had already been working on some projects for over ten years. After all, his company doesn’t sell products, it primarily sells knowledge. This made the data loss even more dangerous, since the knowledge was stored digitally. While Support tried to recover the lost data, the attackers offered to lend a hand – but only after the payment of a ransom, of course. The blackmailers greeted Hofer in an email with “Hello, dear friend!” and demanded he contact them to negotiate the terms. He didn’t. “Paying was never an option, we never would have gotten anything back from these fraudsters anyway,” he says firmly. Tobias Ellenberger also advises against entering a deal in the event of an attack. Because: “There is no guarantee that you will get the data back. If you don’t refuse the blackmail, that information could make the rounds and increase the risk for additional attacks.” Hackers are well connected and, like other companies, professionally organized. This makes it all the more important to be aware in advance of the impact of a total loss of data and to take the appropriate measures.
He got off “lightly,” Hofer notes in hindsight. The company only had to close for a few working days, and all the data – with the exception of the email correspondence of the past few days – was restored. And his cyber insurance took on the majority of the recovery costs. Not everyone comes out unscathed, Ellenberger confirms: “There have also been cases where companies were forced to meet ransom demands because they would not have been able to bear the financial damages of the data loss.” Another – and according to the specialist, often wrongly overlooked – aspect is the psychological impact of a cyber attack. “It can be extremely stressful for a team. This can range from feelings of guilt to existential fear.” It is best and most cost effective “if the company continuously does its homework and prepares itself for the most common scenarios,” he adds. However, there is no such thing as 100% security that you won’t fall victim to an attack. But with the right measures, a company can keep its risk of suffering a cyber attack to a minimum.
Hofer filed criminal charges against person unknown with the police, which was required by his insurance. However, there was never any hope of catching the perpetrator. Nevertheless, it is important to file charges Ellenberger affirms and explains: “With every report, the police receives more tips on criminal structures. They are in close contact with international authorities – as a rule the perpetrators are abroad – and this can contribute to uncovering hacker groups.” To ensure he doesn’t become a repeat victim, Hofer has since equipped himself and saved all of his backups on an additional, isolated network, separate from the company's own server. “There is no such thing as free. If you want to protect yourself, you have to invest. And if you are attacked, it certainly won’t be cheaper in the end,” he asserts from experience.