Cyber Incident Victim: The Heritage Company
Date: Oct 2019
Location: United States of America
Summary
The Heritage Company, a telemarketing firm, ceased operations following a ransomware attack that encrypted its systems, forcing payment to obtain decryption keys. Despite initial recovery estimates of one week, prolonged technical difficulties prevented restoring full services, resulting in hundreds of thousands of dollars in losses and internal restructuring. The inability to recover critical data led to the suspension of all business activities, terminating over 300 employees shortly before the holiday season. Subsequent updates confirmed unsuccessful restoration efforts, with displaced workers advised to seek alternative employment. Former employees expressed skepticism about the company's ability to resume operations, viewing the closure as permanent despite leadership's tentative reassurances.
Description
The Heritage Company, a Sherwood-based telemarketing firm, suffered a ransomware attack approximately two months before Christmas 2019 that crippled its operations. CEO Sandra Franecke disclosed in a December employee letter that malicious software had held company servers hostage, forcing the organization to pay ransom to obtain decryption keys. Initial recovery estimates projected systems would be restored within one week, but technical complications prevented full service restoration by late December. The company incurred hundreds of thousands of dollars in losses from both the ransom payment and extended downtime. Despite attempts to restructure operations across different business areas, recovery efforts failed to stabilize the organization. With critical systems still non-functional near Christmas, leadership suspended all services indefinitely, resulting in immediate layoffs for over 300 employees. Many workers received no prior warning about the cyberattack or impending job losses, with local reports indicating dozens had already filed unemployment claims before the holiday shutdown announcement.

Franecke initially instructed employees to contact the company on January 2, 2020 for potential reopening updates, suggesting IT staff might achieve recovery breakthroughs during the holiday period. However, callers received a recorded message confirming continued operational failure and advising workers to seek alternative employment. The message acknowledged partial progress but emphasized insufficient system restoration, formally releasing staff while offering New Year well-wishes. Former employees expressed skepticism about revival prospects to local media, with some alleging the prolonged closure aimed to avoid legal obligations regarding severance or settlements. This incident followed patterns observed at other small businesses during 2019, including two medical practices in Michigan and California that permanently closed after ransomware attacks depleted their financial resources. The Heritage Company's collapse demonstrated how failed recovery efforts following ransomware payments could trigger operational termination rather than business continuity, particularly among organizations lacking infrastructure redundancy or emergency funding reserves.
