May 3, 2025 7p
(WGTD)---A rare insider’s look at a cyberattack on a local company came last week during a panel discussion on how companies can best protect themselves. It was organized by the Johnson Financial Group and held at UW-Parkside.
Ryan Irish—one of the panelists—is the IT manager of TG3 Electronics, a second-generation family-owned company based in Kenosha that produces custom keyboards and other electronics.
One morning last December, Irish was awakened by his phone being blown up by colleagues who were locked out of their work computers. "My first thing to do was clear the cobwebs and try to log on remotely from my house," Irish said. "I realized my credentials were no longer valid. For the IT people here, there is no worse feeling than the pit in your stomach because right away you know what happened," he said.
Hackers had gained access to the company’s servers and had stolen data files. "We basically were a dead ship in the water," Irish said.
Then came the cell phone call. "At about 10:30 in the morning, a very pleasant young woman asked if I was who I was and I said 'yes'. And she said 'have you noticed any changes to your network this morning?' And I said 'as a matter of fact I have noticed some changes.'"
It was "them."
The pleasant-sounding woman demanded a ransom payment in exchange for returning access to TG3’s computer systems. She provided an email address to facilitate negotiations.
In this case, cyber crime did NOT pay.
In the hours and days ahead, Irish and a TG3-contracted recovery team were able to recover all but two weeks’ worth of data, thanks in part to an effective off-line backup system the company had in place. The hackers were not able to gain access to sensitive company and employee information because that data was kept in a separate, more secure system.
Irish said the recovery process lasted several stressful weeks and included a lot of staff overtime.
The investigation revealed that hackers had gained access to the TG3 computer system by fooling an employee into clicking a download link on a "spoofed" web site.
In the aftermath, the company tightened IT protocol, and took on the added expense of hiring a contractor to monitor company servers 24/7. "It was something that in the past we had looked at and decided it was probably not something we could afford," Irish said. "But once you go through something like this and realize the true cost--you're going to pay for it either before or after. I sleep much better at night now."
Irish added that most of his company’s losses were covered by insurance.
-0-