Brian Balzer remembers the exact moment he realized his company was under attack: It was just after Labor Day weekend in 2021. 

“I got a phone call at about 4:30 in the morning saying, ‘Something seems wrong. I’m getting an error saying file locked,’” Balzer recalled. 

File locked. To most people, this wouldn’t mean much (maybe try turning the computer off and turning it back on?), but Balzer heads cybersecurity at G&J Pepsi, an Ohio-based bottling company, and “file locked” set off a massive alarm. 

“I knew immediately we were under attack,” he said. Specifically, a cyberattack. 

Cyberattackers will look for a backdoor into a company’s network. Once in, they spread through the system. Balzer knew he had to act quickly.

“I made the decision to shut everything down,” said Balzer. “All the servers, the whole environment. Just shut it down.” 

Balzer hoped this would stop the contagion from spreading. Then, he and his team of 10 sprang into action: jumping online to see how bad the attack was and jumping in cars to check out the physical machines. 

And at one of G&J’s offices on one of its computers, there it was — a message. It read: “You’ve been attacked by Conti ransomware.”

“And we will not unlock your files until you pay us the demanded ransom,” Balzer recalled. 

Even scarier than the ransom note were the criminals who had written it: Conti ransomware was a well-known group of Russian hackers. They were some of the most feared cybercriminals on earth. At one point, they shut down the government of Costa Rica.

Balzer said Conti didn’t specify a ransom amount in that first note, but he knew they had squeezed millions — even tens of millions — out of previous victims. And he was determined G&J would not be one of them. 

Balzer ignored the ransom note and told his little team to do what they had practiced: isolate the contagion, shut everything down, then rebuild the system through backups in the cloud.

But as Balzer was working, this thought kept creeping into his head: There were 2,000 employees counting on him.

“I thought, ‘My God. The company could potentially be shut down if I don’t get this fixed,’” Balzer recalled. “‘People’s livelihoods and their families are at risk. This falls on my shoulders because the company’s future could actually come to an end if we don’t fix this.’”

A family-owned company like G&J Pepsi might seem like an unlikely target for cybercriminals. It’s not a flashy company; it puts Pepsi products into bottles for distribution. It’s a successful, medium-sized business that’s been humming along since the 1920s. But these are exactly the kinds of businesses cyberattackers are after: Companies that have money and are likely not expecting, or prepared for, a cyberattack.  

But nearly half of small businesses are expected to experience a cyberattack this year. 

Jamie MacColl is a research fellow at Royal United Services Institute, or RUSI, a London-based security think tank.  He and a team of researchers recently published a study on the cost of ransomware attacks for smaller businesses.  

“It’s everywhere,” said MacColl. “Since I’ve done that report, I got talking to someone in my local coffee shop, and it turns out they’ve been a victim of a ransomware attack recently. It doesn’t have to be a multinational bank or some very large company. Anybody can be a victim.” 

And for small businesses, many of those victims won’t survive. A study out of the U.K. found more than half of small businesses didn’t survive a cyberattack. MacColl said we’re thinking about cyberattacks in the wrong way.

“People sometimes talk about cyberattacks as if they’re like natural disasters,” said MacColl. But they’re not, he stressed. Cyberattacks destroy people’s businesses, credit and livelihoods.

“The kind of allegory for this is a group of organized criminals walk into a business with guns and say, ‘You’re not going to be able to function until you pay us money,’” he said.    

MacColl hopes his report will help inspire better laws and policing  and more support for workers and small business owners, because the stress and psychological damage are real. Some business owners brought in PTSD counselors to talk with workers, MacColl said. A couple small business owners even told him they felt suicidal following the attack.

“ It can feel very existential,” said MacColl. “You’ve built your company up out of nothing and suddenly you’re faced with either paying a criminal or your business folding.” 

And even if you survive, said MacColl, the costs can be high for business owners and workers. Brian Balzer and his team worked tirelessly for weeks after the Conti attacks, napping in the storage room, barely seeing their families.

G&J brought in an outside forensics team for support and offered complimentary credit monitoring to employees who might be worried their personal data had been compromised. 

Business was never interrupted — no orders were missed or even delayed. And after about six weeks, Balzer realized he had won. He and his little team had fought off one of the most feared cyberattackers on earth. Still, the victory was bittersweet.  

“In some ways it seems like a failure,” Balzer said. “Even though we were able to combat it, it still hurts. It still bothers me, right?”

Between overtime, outside help, credit monitoring and other precautions, said Balzer, the attack cost G&J about $25,000. 

They later realized Conti had gotten in because Balzer and his team took a few days to install a Microsoft security patch. And that tiny delay over a holiday weekend was all it took for Balzer to get that phone call: File locked.

Stories You Might Like

Cybercriminals had a good 2022

Cybercriminals are attacking supply chains, but why?

Pay a ransom, get your data back

Ransomware: Should businesses pay up?

Massive ransomware attack in Europe all but promises more to come

Your computer’s security updates may be annoying, but they’re crucial