Company shuts down because of ransomware, leaves 300 without jobs just before holidays

Company tells employees to seek new employment after suspending all operations right before Christmas.

phone-numbers-pad.jpg

Special feature

Special report: A winning strategy for cybersecurity (free PDF)

This ebook, based on the latest ZDNet/TechRepublic special feature, offers a detailed look at how to build risk management policies to protect your critical digital assets.

Read More

An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019.

Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO.

Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard.

"Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically 'held us hostage for ransom' and we were forced to pay the crooks to get the 'key' just to get our systems back up and running," wrote Sandra Franecke, the company's CEO, in the letter sent to employees.

She goes on to say that data recovery efforts, initially estimated at one week, have not gone according to plan and the company had failed to recover full service by Christmas.

Franecke said the company lost "hundreds of thousands of dollars" because of the incident and have been forced to "restructure different areas in the company."

As a result of the botched ransomware recovery process, the company's leadership decided to suspend all services, leaving more than 300 employees without jobs.

Local news outlet KATV reported last month that dozens of employees already filed for unemployment with local authorities even before the Christmas holiday, with many not expecting the company to survive.

No progress on recovery efforts over the holidays

Franecke left the door open for people to get their jobs back, telling employees to call back on January 2 for a status update, in case the IT staff made headway with data recovery efforts over the holiday season.

The same KATV reported that when employees called the company yesterday, they were greeted by a recorded message informing them that recovery efforts have not been successful and that users should seek new jobs.

"Though we have made progress, there is still much work to be done. With that in mind, we do not prevent you from searching for other employment. Please take care of yourselves, your loved ones, and have a happy New Year," the message said.

A former The Heritage Company employee told KATV that they've lost any faith the company is going to ever recover from the ransomware attack.

"Most of us are convinced that they're not going to reopen. I'm pretty sure they're just buying time because they know as soon as they're not going to reopen we're going to have to get a settlement and I think they just don't want us to take them to court," the employee told KATV.

Similar cases

What happened to The Heritage Company is not an isolated incident. Over the past two years, there have been many cases where smaller companies decided to shut down for good, lacking the funds to pay a ransom demand to get their data back or lacking the funds needed to rebuild their IT infrastructure.

For example, in April 2019, doctors at a medical practice office in Michigan decided to shut down their business and retire one year ahead of schedule, rather than deal with the fallout from a ransomware infection.

Similarly, a second medical office, based in Simi Valley, California, reached the same conclusion in September 2019, deciding to shut down all operations after they were infected with ransomware a month before and lacked the funds to pay the ransom.