Picture this: It’s 6 a.m. and you’re awoken to several frantic phone calls. Your customers are calling you back-to-back, telling you they can’t access their company websites. As a business owner—especially one that manages the software that is streamlining operations for more than 1,000 flooring business of various sizes and roughly 6,000 users—this is one of your worst nightmares, and for QFloors, it was unfortunately a reality.

“I figured out in about 10 minutes that we were having a problem with our system,” said Chad Ogden, president and CEO of the company. “We have 400 floor covering stores on this particular system, and they all went down at one time.”

The reason? Ransomware, a malicious software which uses a computer virus to hold data hostage until a ransom is paid. Generally transmitted by email or web pop-ups, rebuilding data and hard drives after such an attack can get expensive, especially for companies who have 10 or 20 computers on a system, or in this case, 400. 

Ogden and the QFloors team acted quickly, recognizing within about an hour that this had been a ransomware attack, making the software company just one business that is attacked by a cybercriminal every 11 seconds, according to data shared by BlackFog global cybersecurity company. BlackFog reports that in 2021, it is estimated that damage costs from these attacks will amount to about $20 billion. 

QFloors has enjoyed industry firsts and milestones through the years, one being the celebration of 20 years in business, which it reached in 2019, but this cyberattack will be remembered as one of the company’s darkest moments, Ogden said. 

“You can imagine that this was not one of my best days,” he shared. “That was probably one of the worst days of QFloors over the last 20 years or so.” 

Attacked by one of the top five ransomware groups in the world—which is a ranking earned by how many companies it has attacked and how much money it has made from those attacks—Ogden explained in detail what he now knows about the cyberattack. Prior to the attack, the anonymous cybercriminal group watched the software company for several weeks; monitoring how QFloors ran its business and the programs its customers were using. From there, the attack was intentionally launched on QFloors’ most critical system. 

After encrypting terabits of data (very large amounts), the cybercriminals behind the attack then left an electronic ransom note, informing the software company that it had been attacked by ransomware, and directing it to a password protected site on the dark web, where further instructions would be given on how to make a payment in order to reclaim the stolen data. 

“These groups are very good at hiding, and the crypto currencies that are out there right now have made it very easy for them to get paid without being tracked,” Ogden explained. “So that’s even made it worse because they are demanding money in that form.” 

Since these cybercriminals scope out companies before they attack, Ogden explained that they know about much more than just the computer systems they plan to attack. “That’s the other thing: since they’ve been scoping you out, they know everything about your company. They know who the employees are, they’ve been into your websites. They know how much they think you can pay. So, they can customize the payment.” 

QFloors was faced with a difficult decision that had to be made very quickly: log in as directed for next steps and payment, which Ogden believes would have been in the hundreds of thousands of dollars, reach out to the FBI for assistance, or try to combat the group on its own. 

Fortunately for QFloors and the hundreds of flooring companies impacted by the attack, what happened next is somewhat of an anomaly when it comes to cases of ransomware. The software company immediately got to work, doing its own research over a couple of days, to determine how the cybercriminals were able to gain access to its system, so that they could then remove that portion of the system, thus blocking the cyber group’s entry and access point. The QFloors team was successful in doing that. 

“We knew fairly quickly that we were going to be able to bring everything back up,” Ogden said. “We have millions of sales orders out there, and during this time, we only lost two, and that was because someone put two orders in at midnight, after we’d done the backup. So essentially, we lost no data and we had everybody back up and running within four days.” 

Once the system was back up and running, and things felt safe, QFloors did report the incident to the FBI. “If you get the FBI and the government involved, they come in and take control over what’s going to happen. We didn’t want that. We wanted to be able to control the situation.” 

If this attack would have happed to the company a few years ago, it wouldn’t have survived it, Ogden says. Thanks to some recent changes the company made in how it backs up its data, QFloors is able to walk away from this attack a little shaken but unscathed. 

Ogden hopes others will learn from this. “The bad guys are getting better and we have to counteract that,” He warns. “You have to be doing what’s called disconnected backups, which means once you back stuff up, you have to actually disconnect it from wherever you backed it up from, so that people can’t see those backups.”