
Ransom! The Unfortunate New Normal: Cybersecurity Considerations for Fiduciaries


The Order was signed a week ago. When your team arrived on-site and turned on the controller’s computer, they were greeted with a skull-and-crossbones-themed message:

“Your files have been encrypted. You must pay a $100,000 ransom within 48 hours to regain access to your files. To restore your system, email [email protected] and include your new Account ID Aug2021_246 in the subject line. Payment instructions will be provided.”

This article explains why ransomware threats have become commonplace, the serious impacts of inadequate IT security, and emerging best practices to protect a company from falling victim.

The New Normal for Fiduciaries

According to securitymagazine.com, global losses from cybercrime exceeded $1 trillion in 2020, with ransom demands totaling over $1.4 billion. The average cost to a company to rectify damage from a ransomware attack approached $1.5 million during the year. These numbers are generally expected to increase in 2021, and year-to-date events indicate this prediction is accurate. In just 32 days:

  • May 1, 2021: San Diego-based Scripps Health’s network was attacked. It took weeks to rectify, during which time prescriptions could not be filled, and health records were unavailable to doctors. 150,000 patient records were mysteriously “lost” just before the ransomware attack. In addition to the millions of dollars Scripps had to spend remedying the data breach, it is now facing class action lawsuits valued at $600 million, along with a tarnished reputation.
  • May 7, 2021: Colonial Pipeline, one of the nation’s largest oil pipeline systems, was hit by a ransomware attack affecting computerized equipment managing the pipeline. Colonial was forced to pause its pipeline operations and, with the FBI’s help, paid $4.4 million in bitcoin to restore its network.
  • June 2, 2021: JBS USA, one of the nation’s largest meat suppliers, was hit by a ransomware attack that forced it to temporarily cease cattle-slaughtering operations at 13 meat processing plants. The company avoided severe disruption to its operations by implementing its Cybersecurity Plan, then reportedly paid an $11 million ransom after most of its facilities were back online.

While high-profile cybersecurity attacks like these make the headlines, most attacks hit small, private companies. In fact, small businesses account for 71% of ransomware attacks [1]. Most are privately held companies like those we take over and represent as receivers and attorneys. After all, investing in state-of-the-art IT security is unlikely when a business is in financial distress. Hence, it is imperative for fiduciaries to understand the leading indicators of cybersecurity threats and how to respond.

Cryptocurrency: The Fuel Behind Ransomware Attacks

Nefarious people worldwide have been hacking into computers for decades. The advent of cryptocurrency elevated hacking to a whole new level. This as-yet untraceable currency enables thieves to receive ransom without payment tracking and—more importantly—prosecution for their criminal acts. You can’t control the existence of cryptocurrency, but you can assess the doorways thieves are using to gain access to systems.

Your onboarding processes for new engagements should include assessments of:

  • Digital Infrastructures: Cloud-based software and storage, websites, inventory systems, and any other business methods requiring a login name and password.
  • Remote Desktops and VPNs: Thanks to the global pandemic, remote desktops and VPNs are ubiquitous. Many are poorly installed, providing an easy point of entry for hackers.
  • Email: Protocols and software tools to identify phishing and other questionable inbound emails and spoofed email addresses.

According to a recent Kroll study [2], almost half of ransomware attacks result from exposure through the remote desktop protocol (RDP) or remote access to a private network, with other main exposures being phishing emails and hacking directly into an account, as in the JBS ransomware attack.

According to MalwareBytes, the largest of these categories—RDP Compromise—saw a 500% increase at the start of the COVID-19 pandemic, from 200,000 attacks per day to over 1.2 million.

 

The True Cost of an Attack

In addition to the ransom, the costs of a cybersecurity attack include lost revenue from customers and new leads, as well as from being offline. The company will also face extraordinary costs to hire expert IT consultants to assess the damage and remedy the IT infrastructure. Even a modest, 10-employee business could experience a six-figure ransom demand. A $100,000 ransom payment or $50,000 in lost business could be the difference between making payroll to carry the company through a going-concern sale process and ceasing operations due to lack of cash flow.

Action Plan

Your first step must be to assess your company’s risk of a cyberattack. Reassess your IT protocols to protect your business. A cybersecurity threat will directly impact the outcomes of your engagements and could bring them to an abrupt halt, damaging your wallet and your reputation. Also, make sure you have adequate cyber insurance.

Top Industry Targets for Ransomware:

  • Professional services (small to medium size)
  • Healthcare/medical
    • Data
  • Education organizations
    • IP from campus research
    • Personal info/data
  • Energy/utilities
  • Banking/financial

When it comes to the organizations you oversee, they need to be secure enough to discourage hackers. Develop relationships with IT consultants with cybersecurity expertise. Get a roadmap from them for your new engagement onboarding assessment and bring them in when you expose potential risks.

What are your immediate priorities?

  1. Identify and secure all cash and limit banking access to key people.
  2. Identify and secure all assets/collateral of the receivership estate.
  3. Lock down the IT environment and stress-test the system using a qualified IT professional to identify any weaknesses in the firewalls, etc.
  4. Identify insurance coverages and assess adequacy of coverage.

The first two action items are second nature for most of us, but the third and fourth are a bit murkier, potentially requiring a comprehensive understanding of the business and its customers, as well as employee/customer/vendor access to its VPN and more.

Example: In a recent receivership matter, our team performed a complete IT lockdown of a business after securing all access points to the IT infrastructure, including blocking access by former employees and third parties. We then addressed three critical IT tasks:

  1. Obtained “3-2-1” backups of all data (3 backups, 2 different devices, 1 being offsite).
  2. Established a firewall with monitoring of all traffic.
  3. Reviewed the need for monitoring of all computers and servers with Advanced Antivirus (AV) and Remote Monitoring & Management (RMM) tools.
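
One way the "3-2-1" requirement in the first task could be checked against a backup inventory, added here as an illustration and not taken from the engagement described. The inventory records, field names, dataset names, and the seven-day freshness window are constructed assumptions; a backup older than that window is not counted.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory; field, device and dataset names are assumptions.
INVENTORY = [
    {"dataset": "accounting", "device": "nas-01", "offsite": False, "taken": date(2021, 8, 1)},
    {"dataset": "accounting", "device": "usb-vault", "offsite": False, "taken": date(2021, 8, 1)},
    {"dataset": "accounting", "device": "cloud-bucket", "offsite": True, "taken": date(2021, 7, 31)},
    {"dataset": "inventory-db", "device": "nas-01", "offsite": False, "taken": date(2021, 8, 1)},
    {"dataset": "inventory-db", "device": "nas-01", "offsite": False, "taken": date(2021, 7, 28)},
    {"dataset": "inventory-db", "device": "cloud-bucket", "offsite": True, "taken": date(2021, 5, 1)},
]
# Datasets the business depends on (assumed list); "payroll" has no backup at all.
REQUIRED = ["accounting", "inventory-db", "payroll"]


def check_321(inventory, required, today, max_age_days=7):
    """Return {dataset: [gaps]}; an empty list means 3-2-1 is met.

    Rule as stated in the article: 3 backups, 2 different devices, 1 offsite.
    Copies older than max_age_days are ignored (freshness window is an assumption).
    """
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for name in required:
        fresh = [c for c in by_dataset[name]
                 if (today - c["taken"]).days <= max_age_days]
        devices = {c["device"] for c in fresh}
        gaps = []
        if len(fresh) < 3:
            gaps.append(f"{len(fresh)} fresh backups, need 3")
        if len(devices) < 2:
            gaps.append(f"{len(devices)} distinct device(s), need 2")
        if not any(c["offsite"] for c in fresh):
            gaps.append("no fresh offsite copy")
        report[name] = gaps
    return report


if __name__ == "__main__":
    for name, gaps in check_321(INVENTORY, REQUIRED, date(2021, 8, 2)).items():
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```

The "inventory-db" rows show why counting rows is not enough: three backups exist on paper, but two sit on the same device and the only offsite copy is months old.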

We also discovered, by reviewing the business’s insurance coverages, that its cyber insurance was limited to a $10,000 rider to its GL policy. If the company were hacked, insurance coverage would be inconsequential, and a ransomware or cyber incident would have frozen operations. Instead, implementing the three tasks above substantially reduced the risk of a ransomware attack, another cybersecurity breach, or a costly business interruption event, allowing us to complete a successful engagement.

Summary

The key considerations for protecting against ransomware attacks and their financial impact in the receivership environment are:

  1. Careful configuration of remote working arrangements. According to securitymagazine.com, hackers prey on remote work environments and human error to steal corporate data.
  2. Assess cyber insurance coverage. Some businesses may believe they are covered, but they simply have a $5,000 or $10,000 rider to their GL policy.
  3. Assess the IT infrastructure, including personnel training, software, and hardware. Is it sufficiently robust for the business?

Your New Normal

The new normal is here, but how will it play out? Will fiduciaries like us have cybersecurity experts on staff in the foreseeable future? Will the government intervene? Is the cryptocurrency market creating an artificially vulnerable security environment for the short term, or is it here to stay?

Acknowledgments

We would like to thank our colleague Jake Diorio for providing insights and expertise that greatly assisted in this research.

Jake Diorio is a Managing Director in J.S. Held’s Strategic Advisory practice, having joined J.S. Held’s Strategic Advisory Group in October of 2024 as part of J.S. Held's acquisition of Stapleton Group. Jake is a seasoned restructuring expert and court-appointed fiduciary, instrumental in resolving complex turnarounds, receiverships, and loan workouts for operating businesses and real estate entities. He designs and implements strategies to repair fractured relationships among debtors, creditors, and other stakeholders, achieving the best outcomes for all parties. Jake applies his extensive experience as a fiduciary managing projects ranging from solvency analyses to comprehensive receiverships and Chapter 11 restructurings. He works closely with management to assess financial and operational viability and design the optimal path to recovery, which may include recapitalizations, going-concern sales, asset dispositions, and liquidations. He provides clients with key reports throughout the process to facilitate informed decisions.

Jake can be reached at [email protected] or +1 213 235 0609.


This publication is for educational and general information purposes only. It may contain errors and is provided as is. It is not intended as specific advice, legal, or otherwise. Opinions and views are not necessarily those of J.S. Held or its affiliates and it should not be presumed that J.S. Held subscribes to any particular method, interpretation, or analysis merely because it appears in this publication. We disclaim any representation and/or warranty regarding the accuracy, timeliness, quality, or applicability of any of the contents. You should not act, or fail to act, in reliance on this publication and we disclaim all liability in respect to such actions or failure to act. We assume no responsibility for information contained in this publication and disclaim all liability and damages in respect to such information. This publication is not a substitute for competent legal advice. The content herein may be updated or otherwise modified without notice.
