They are loud in the rooms above me rummaging through my possessions. I am recording this podcast in my basement while by house is being pillaged by pirates, searching for booty and other valuable treasure. My options in the basement are very limited. One, I can let them destroy everything in the house and try to rebuild. Or two, pay the ransom they demanded when they broke in. It’s a challenging quandary, but that’s the business of ransomware.
Welcome to Swimming in the Flood; a podcast where we develop the resilient leader’s mindset by navigating difficult currents in business. My name is Trent Theroux.
According to Wikipedia, Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
My company is currently being held hostage by these pirates. They encrypted all our servers, virtually shutting down our entire company. We’re not alone in this type of attack. Over the past month, Cannon USA, LG and Pitney Bowes were hit with the exact same virus. It makes me want to rewatch Captain Phillips so I can see all the pirates get shot.
In 2003, George W. Bush declared, “You’ve got to be strong, not weak. The only way to deal with these people is to bring them to justice. You can’t talk to them. You can’t negotiate with them.” Countries have the luxury of a long timeline to resolve issues. Companies do not.
We immediately contacted a specialist in anti-virus protection. This company was prepared to fly two contractors to our company to begin work immediately to try to disinfect our network. The team arrived the next morning and began to disinfect our network. Our system is now clean as a whistle. But, they were unable to unencrypt our servers. Our systems were clean of the virus, but without our data, the system was useless.
The pirate’s texts to us were front and center. They wanted us to make contact. Over the past few days, I’ve learned more about ransomware than I ever thought imaginable. I couldn’t believe the breadth and scope of this invasive crime. In the 1930s you could at least see the guys you were paying protection and extortion money to. You saw them around the neighborhood. Not so much here. I can’t even tell you if they are from this country (I suspect that they are not) or if they’re in my time zone.
The cybercriminals are intelligent. They devised a software that penetrated one of our computers two weeks ago. Once in, the virus opened doors for more agents to enter. The virus stealthily searched our network to determine which devices were most critical to our operation. Then, when its reconnaissance was complete, the virus struck. First, the virus took hold of our storage devices. This means that I couldn’t access any past or stored data. This is a brilliant strategy because the hackers understand that we simply could buy and configure new servers and reload our data. That option was now removed. Next, the hackers locked down the servers and finally created havoc within our endpoints. The entire hijacking of our system took about fifteen minutes once it was deployed. There was simply no time to respond.
The mantra of “we don’t negotiate with terrorists” should be expanded to “we don’t negotiate with terrorists, until we do.” So that is what we set out to do. We knew that the pirates were demanding more than a million dollars to release our data. And, that they wouldn’t come down to the local grocery store to collect payment. We needed to pay them through bitcoin or some other cyber currency.
Trying to open a bitcoin account is not easy. You’d think that because Albanian gangsters hold people hostage and use bitcoin that every descent citizen should be able to get some? Not true. In fact, it may be the exact opposite. The more reputable you appear the less likely that you will be granted a bitcoin wallet. Frustrating right? I know!
Then we heard about the “negotiators”. Can you see me using air quotes there? There are companies that are in the legitimate business of negotiating with these pirates. They advertise their successes. We hired a Canadian company to represent us in this phase. Signed their contract and off we go.
In both of these cases, I was not concerned with the cost of their services. Here I am, a defender of assets who scrutinizes my grocery receipts to confirm that my Fuji apples received the proper $0.20 per pound discount as advertised, is now signing nearly blank checks to resolve this issue.
I am now going to give you my unscientific, non-peer reviewed, resilient leader theory on earning a premium. Are you ready? Got your pencils out? Here’s it is. Riches are in the Niches. You heard it. Riches are in the Niches.
The cyber defense company showed no compunction when they announced their retainer of $30,000 for 80 hours of work. Simple math, that nearly $400 per hour. They were the specialists we needed and we hired them on the spot. The negotiators gave us a fixed price, but wrote that additional services would be charged at $400 per hour, but that’s in Canadian dollars so I feel that I’m getting a discount.
My point is that in each of these cases, the vendor is so specialized that they are able to command a premium for their services. What they offer is so unique that we consumers, particularly those in direr straits, are willing to pay on their terms. Think about how this connects to your business. Are you selling a commodity that’s determined based on price? Do you offer everything to everyone? The answer to both of these questions for my consultants was no.
Make yourself invaluable to your clients and you can always get your price. Make yourself unique and you will not need to negotiate, people will just write the checks. I can tell you one other company that found riches in the niches. The bastards who are holding me hostage.
Folks, thank you for listening to Swimming in the Flood. Resilient leaders face challenging currents and it is tough navigating, but with one tack or another we can get there together.
If you enjoyed this episode, please subscribe. That way you can enjoy developing resilient leader theories hot off the presses. If this episode seems a little jumbled it’s because we are actually negotiating with the pirates as I type and I need to give most of my focus to them.
You can find past podcasts along with their texts on my website. Please take a minute and check them out at www.trenttheroux.com.
Lastly, if I am willing to negotiate with pirates, I am also willing to negotiate with pirate hunters. If you are one of the Navy SEALs who took down Captain Phillips’ pirates, please give me a call. I’ve got a great job for you.
Thanks for taking the time to listen. See ya