When Phillip Nguyen’s phone buzzed early Sunday morning, he knew his day off was about to become incredibly busy.
As the IT manager of AggreGREAT Alberta, a bustling paving company, Nguyen was accustomed to weekend work, but this was different. Moments after being bombarded with alerts about suspicious activity on the company servers, his phone rang.
It was AggreGREAT's HR manager sounding frantic. Nguyen listened anxiously as she described her computer's state: a locked screen with an error message, warning about encryption, a "begin the decryption process" button and a countdown to a doubling price for decryption—the clear signs of a hack.
The HR manager recounted her actions from the previous day. She’d gone into the office Saturday afternoon to sort through a batch of resumes in her inbox, downloading attachments without reading the emails.
However, when she started reading the files, she found an unreadable Word document traced back to a poorly written email that seemed like spam. She admitted recognizing red flags but thought she'd dodged a bullet. It wasn't until she returned this morning to print off shortlisted resumes that she realized she’d caught fire.
As she finished her story, Nguyen logged in remotely to confirm what he already knew—it was ransomware, and it was everywhere — he had to get to the office.
After reassuring his co-worker that the company had cyber insurance, Nguyen asked her to leave her computer powered up and to head home for the day. He was beginning to panic.
“With 75 computer users and 200 employees all suddenly cut off from their digital lifelines, we were in trouble,” Nguyen said.
“We rely on digital weight scales for invoicing and truck management. If we can’t access our systems, we can’t operate. And Monday morning deliveries were looming.”
He texted AggreGREAT’s junior IT technician, Gaelle Benoit, and asked her to meet him at the office.
“I knew we had cyber insurance, so I wasn’t worried about paying ransom. My biggest concern was getting operational for tomorrow morning, and I knew I needed Gaelle’s help,” Nguyen said.
And Benoit did help, primarily by convincing him they were in over their heads.
“It was Gaelle who called it. She figured out pretty quickly that we needed support,” Nguyen said.
“It took me longer to let it go. But not too long. I’d advised Gaelle often enough to ask for help. It was time to lead by example. After a quick check-in with the operations manager and owners, I called the Hackbusters.”
The Hackbusters, a team of cyber security specialists, are available around the clock to all BOXX clients—and their IT departments. It’s a service that lead Hackbuster and BOXX virtual chief information security officer (vCISO), Jack Brooks, wishes more clients would take advantage of.
“It’s like having a vCISO on speed dial,” Brooks said.
“Our business clients, whether they have an IT team or not, have unlimited access to professionals with decades of security experience in multiple industries. This is big company information security that SMEs can afford—it’s included in their cyber insurance. It’s a way for brokers to support their clients, and they don’t even have to file a claim to talk to us.”
Benoit was impressed. "Within two hours of our distress call, the BOXX forensic team was unravelling the tangled mess of ransomware that had brought us down."
Recognizing the urgency of the situation, the Hackbusters divided their forces. They reconstructed the company servers outside the infected environment to minimize disruptions to the company’s operations.
This was only doable because, as part of its vCISO service, BOXX had already helped AggreGREAT set up a backup IT system in the cloud. Meanwhile, its forensic experts carefully wiped out any signs of the cyber criminals' activity and thoroughly cleaned all endpoint devices.
“I was freaking out.” Nguyen recalled.
“No one wants a breach to happen on their watch. It’s incredibly stressful and embarrassing. You’re worried about your job, you’re wondering what you could have done better to prevent the situation, you want it to be over. But the Hackbusters were amazing to work with and included Gaelle and me every step of the way, no shaming.”
Thanks to the efforts of the Hackbusters, AggreGREAT was up and running by Monday morning, a feat that seemed impossible just hours earlier. Employees arrived at work and trucks rumbled in, oblivious to the digital drama that had unfolded.
In the days and weeks that followed, the Hackbusters continued to work behind the scenes to help the IT team implement a comprehensive recovery across all systems, ensuring that no lingering threats remained.
“They stuck around to help with system and cyber security hardening, working with us and our IT vendors to reduce vulnerabilities in our system,” Benoit said.
“It was a valuable learning experience for someone new in their career.”
The Hackbusters also helped Nguyen create an incident response plan for potential future cyberattacks and encouraged him to take advantage of the employee cyber security training included with their Cyberboxx Business coverage.
“Letting cybersecurity training lapse was a huge oversight,” Nguyen said.
“As head of IT, it’s my job to oversee this. We should have been training every three months, but at the time of the attack, it had been over a year. I take full responsibility for that. Regular BOXX training sessions are now in the calendar.”
AggreGREAT’s leadership supported their IT team and acknowledged Nguyen and Benoit’s efforts. The company has a more comprehensive understanding of their Cyberboxx Business policy.
Brooks is happy too. “We help small and mid-sized businesses like AggreGREAT build digital resilience,” he said.
“On the other side of this cyberattack, we have an involved and educated client with a high level of coverage. AggreGREAT has a top-notch incident response team on retainer. It’s an all-in-one approach that works really well for everyone. I hope more brokers learn about this, too. We want everyone to know that your BOXX cyber insurance includes this vCISO service.”
