It started like any other day, but within hours the IT team was scrambling as the business ground to a halt—victim of a ransomware cyberattack that popped up a ransomware notice, locked the company’s servers, and triggered a chain of system shutdowns that brought the entire business to a halt.
Executives moved quickly, engaging the cybersecurity remediation team at Accenture to help understand and resolve the problem—but it was only the beginning of a major cleanup effort that would see a joint project team of about 30 people working 24/7 for three weeks straight.
“It was an intensely cumbersome process to go through,” recalls Mark Sayer, AAPAC lead for cyberdefence at Accenture, who directed a broad technological response during which security analysts uncovered an extensive cybercriminal operation that had been preparing to strike for six months.
“We were working 17-hour days,” he recalls, “and I would literally get off the phone, go to sleep, wake up, and get back on the phone. We did that for three weeks without a break, and no weekends.”
While there was strong and continuous support from executives at the victim company—an Australian firm with 5,000 employees that Sayer describes only as ‘Purple Ocean’ — the process of figuring out what had happened, and how to fix it, was a learning experience for a company that was generally focused on keeping the lights on.