We are currently experiencing an outage that affects (all of our websites). This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We are working to resolve the issue as quickly as possible and apologize for this inconvenience.
I use a number of tools and online portals to track my fitness and weight loss. I will not mention any company names in this article, but the fitness watch I wear is from a company with a name strikingly similar to my own. I am not naming them because it looks to me like they are having enough trouble without my piling on.
Wednesday afternoon I came in from my jog on Thursday and tried to sync my fitness watch, only to receive a message on the app that read something like ‘Sorry, we are down for maintenance. Please try again later.’ Okay, I did. Later I received a message that read something like ‘We are performing scheduled maintenance on our servers, and they will be off-line for several hours on June 24 (Friday).’ All good, I can wait… especially since the fitness watch is still keeping track of my exercise, even though I cannot check my stats or history online.
Something is rotten in the state of Denmark.
Now that we know that the company’s website and portal are down, let’s look at this critically. I am going to ask you to reread the initial quote: “This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats.”
I have been an IT professional for over twenty years, and I have worked with companies of all shapes and sizes, in almost every industry and sector, from governments to dating sites, to multinational conglomerates, banks, pharmaceutical companies… to small businesses baking biscotti… you get the drift, there’s a lot of variety in there. What do they all have in common? When planning downtime, they do their best to minimize the downtime, and they never take down everything at the same time. The only planned reason the company would have downtime that affected their call centers would be a national holiday or some other downtime that had their people off. That is entirely plausible. Downtime where they are unable to receive any emails? There is zero reason for that… none whatsoever…
…except, of course, one reason. This company was hit by a massive attack that took down their entire operation.
According to several online articles, the outage at the company (a sport and fitness tech giant, not to mention a pioneer in consumer GPS devices in the pre-smartphone days when you bought a standalone GPS device for your car) was caused by a ransomware attack. While none of the articles are quoting sources directly, they are all saying that there are several company sources (who are not allowed to talk to the media) with direct knowledge of the incident who have confirmed that the outage is caused by a ransomware called WastedLocker, created by a nefarious organization called Evil Corp.
So far (as of noon, Pacific Time, Sunday July 26, 2020), the company has not made any official statements. Why? I can speculate… but my first thought is that they do not have a public relations department that knows what they are doing.
Despite having spent nearly a year as the Senior Windows Engineer for a major motion picture studio that was hit by a major and very public breach a few years ago, I have (fortunately) never lived through this sort of situation. The attack at that studio happened before my tenure there, and so while I heard many of the horror stories, I was not directly involved. When I was working for Rakuten, one individual’s laptop was infected with ransomware, but all of his data was backed up, and we simply reformatted the machine. There was no exposure beyond the individual machine (which was never connected to the network once it was infected). No harm, no foul.
With all that being said, I would think that the public relations side of things is hugely important. Make a statement, do not keep it quiet. Why? Absent that, the media – as well as the clients – will let their imaginations run free. Was this company hit by ransomware? I don’t know, but from my experience as an industry leader, the outage which is affecting most of their corporate website, their back-end portal, their call centre, their email servers, and their ability to serve their clients certainly points strongly toward a major breach, ransomware or otherwise. This attack (I think it is safe to call it that) has taken them out at the knees, and we are in the fifth day (I may have noticed it Thursday, but it started Wednesday). The company has not made a statement in five days. Watch this:
Our company, which exists to serve its customers, has unfortunately been added to the growing list of companies and organizations that have suffered cyber-attacks. We want to assure our customers, as well as the public, that we have some of the best experts in the industry working around the clock to recover our servers, and to make sure that all of our customer data is intact. At this time, we are confident that while the data is unavailable, it has not been compromised, and no personally-identifiable information (PII) has been stolen or lost.
We have the greatest appreciation for our customers, and know that you lean on our portal, as well as on our devices, to help you with your fitness routines. We assure you that our entire team is working around the clock to restore our services. In the meantime, rest assured that your devices are still collecting your workout data, and when our servers are restored, your workouts during our outage will be added to your profile.
Thank you for your continued trust and support.
It would be as simple as that. Instead, the current line is simply this:
You guys can do better. I hope you get your servers back online soon, and I hope you do so without having to pay Russian hackers (which, according to several reports, is currently illegal as the US Treasury has imposed sanctions on Evil Corp., which would make it difficult for an American company to pay them).
Communication is key. Letting your customers know that you are recovering from an attack will probably have them sympathizing, rather than just wondering when the heck you’ll get back up. Make a statement, guys… as a customer for the last year, as well as in my capacity as a high-level systems engineer, I know I would respect you more for releasing a statement about what is really happening.