Pink Slips and Ransomware: Employee Layoffs Are the Unrecognized Carnage of Encryption Attacks

Many gigabytes of data have been accumulated on the total cost of enterprise ransomware. Most know by now that ransomware causes devastating business interruption (which can lead to losses of between $300K-$100M per hour, as just one of many incident-related costs). What is more seldom spoken of, written about, or tallied is the devastating effects on the company’s employees.

As ransomware restoration professionals, one of the hardest things we witness is the “Pink Slip Phenomenon” of ransomware. Too often, ransomware can lead to eventual or almost immediate employee layoffs. One survey revealed that 29% of ransomware victim organizations were forced to lay off employees; another 26% were forced to shutter the business (meaning, of course, total job loss). Consider this scenario: A mid-sized hardware manufacturer is struck by ransomware. All global virtual servers are encrypted, and all backups destroyed. Despite paying the ransom, the decryption key does not work; so, their licensed, proprietary software is—poof!—gone, apparently unrecoverable. The executives, realizing that manufacturing will no longer be able to offset payroll, quickly begin to plan and process layoffs to minimize losses.

While the details of this example may have been obscured for anonymity, this is an actual case we have encountered. Yes—the financial losses of ransomware are catastrophic on enterprises of all sizes, and I am in no way minimizing those impacts. But I also empathize with the many thousands of employees that have lost their livelihoods quite suddenly, as well as the executives who were forced to take those drastic actions to satiate a threat actor’s profit motive.

Ransomware Through the Employee Experience

When ransomware strikes an enterprise, effects can span from isolated systems/servers to complete shutdown of all global systems (or anything between). In many cases, communications via email, instant messenger, or any other standard form are completely halted. Business leaders are hamstrung in their ability to contact their employee base to explain what is happening, why their systems no longer work, or calm concerns about what next steps may be. This is an unsettling time for employees and a powerless feeling for leadership. Without a business continuity plan in place to communicate in event of systems unavailability, leaders are forced to scramble, finding alternate ways to spread the news via ad hoc phone trees or personal email, diverting their attention away from the immediate, emergent malware resolution.

In our experience remediating ransomware attack cases, over 90% of ransomware attacks today involving data exfiltration. Often, sensitive personal information about employees and executives is included in the data taken from the business, and threat actors threaten to publish that data or sell it if ransoms are not paid. This makes ransomware feels personal to employees and leaders alike—not only is the business under attack, but so, too, are the people who make it successful.

If the business lacked proper controls such as immutable, redundant backups of corporate data that could be restored—layoffs and business insolvency are a too-frequent conclusion. No business leader wants to notify employees that their jobs are terminated without cause or notice, for reasons out of their control. Many times, the leader knows that they could also lose their positions because of the attack.

What Can Leaders Do to Protect Employees?

The best defense against the company and employee affects of ransomware is to be proactive—implement strong controls before a threat actor can strike and have a detailed plan to react quickly in the event an attack occurs anyway. Companies would be well advised to: 

• Have a ransomware resilience assessment performed on systems and backups to understand any gaps you have in your defenses and in the recoverability of data should an attacker be successful in gaining a foothold in your environment.
• Have a complete, tested Business Continuity/Disaster Recovery (BC/DR) plan in place. This plan should have specific scenarios for ransomware attacks, including who to contact immediately, which third parties to involve, how to contact employees in the event of total systems disruption, and how you would restore data should your primary data stores be affected.
• Be ready to contact a restoration partner immediately in case your systems are down. Do not try to restore on your own. There are many techniques to restoring affected systems and doing it wrong could permanently damage data. Quickly restoring could ultimately save jobs, as well as prevent costly business interruption.

Issuing pink slips is not something CEOs and senior executives ever want to do. We’ve seen it happen and empathize with both the leaders and the affected employees. But there are methods to prevent it and avoid it. In the case mentioned above of the hardware manufacturer who lost their proprietary software: after several days of working to restore lost data, a solution was found, and the company was able to notify employees that they could keep their jobs after all. With rapid restoration strategies, there are some happy endings and jobs saved. It just requires taking the right action at the right time.

Written by Heath Renfrow.
Have you read?
Largest Hotel Chains in the World, 2023.
Best Residence by Investment Programs for 2023.
International Financial Centers Ranking, 2023.
Best Citizenship by Investment (CBI) for 2023.
The World’s Most Valuable Unicorns, 2023.
Ready to join the CEOWORLD magazine Executive Council– Find out if you are eligible to apply

This report/news/ranking/statistics has been prepared only for general guidance on matters of interest and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, CEOWORLD magazine does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

Email Address*

Name