Ransomware Takes Down Cloud SMB Payroll and HR Services Company
Who: Apex Human Capital Management
# of Records:
What was affected: A ransomware attack this week severed payroll management services for hundreds of the company’s customers for nearly three days.
When it happened: February 19, 2019
How it happened: The company was infected with a destructive strain of ransomware that encrypts computer files and demands payment for a digital key needed to unscramble the data. APEX had just recently completed a state-of-the-art disaster recovery plan that was both off-site and out of state and that mirrored their live system. However, the ransomware not only infected their network but was also immediately picked up at their disaster recovery site, making it impossible to switch over to that site.
Outcome: APEX HCM is a cloud-based payroll software company that serves some 350 payroll service bureaus that in turn provide payroll services to small and mid-sized businesses. The company quickly took all of its systems offline and began notifying customers that it was trying to remediate a security threat. Over a series of bi-hourly updates, Apex kept estimating that it expected to restore service in a few hours, only to have to walk back those estimates almost every other time a new customer update went out. Apex hired two outside security firms, and by Feb. 20 the consensus among all three was that paying the ransom was the fastest way to get back online. Apex chose to pay the ransom demand and begin the process of restoring service to customers. The company declined to specify how much they paid or what strain of ransomware was responsible for the attack. Unfortunately for Apex, paying up didn’t wholly solve its problems. The decryption key they were given after paying the ransom didn’t work. Instead of restoring all files and folders to their pre-encrypted state, the decryption process broke numerous file directories and rendered many executable files inoperable — causing even more delays.