Hiltzik: Ransomware attack’s toll on small business

When ransomware bandits struck his business last June, encrypting all his data and operational software and sending him a skull-and-crossbones image and an email address to learn the price he would have to pay to restore it all, Fran Finnegan thought it would take him weeks to restore everything to its pre-hack condition.

It took him more than a year.

Finnegan’s service, SEC Info, went back online July 18. The intervening year was one of brutal 12-hour days, seven days a week, and the expenditure of tens of thousands of dollars (and the loss of much more in subscriber payments while the site was down).

He had to buy two new high-capacity computers, or servers, and wait for his vendor, Dell, to master a post-pandemic computer chip shortage.

Meanwhile, subscribers, who had been paying up to $180 a year for his service, were falling away.

Finnegan estimates that as many as half his subscribers may have canceled their accounts, leaving him with a six-figure loss in income over the year.

He expects most to return once they learn SEC Info is up and running, but the hackers destroyed his customer database, including email contacts and billing information, so he has to wait for them to proactively restore their accounts.

Getting SEC Info back online required Finnegan to painstakingly reconstruct software that he had written over the prior 25 years and reinstall a database of some 15.4 million corporate Securities and Exchange Commission filings dating back to 1993.

It was a truly heroic effort, and it was all in his hands. Finnegan labored under intense, self-imposed pressure to get his service up and running just as it was before the attack.

“The amount of details I had to deal with was just excruciating and very frustrating — I thought, ‘I did all this once before, and now I’ve got to do it all again.’ Because I lost everything.”

At roughly the midpoint, a few days before Christmas, he experienced a stroke — a mild one manifested in a series of falls, but not any cognitive difficulties — that he attributes to the stress he was under.

SEC Info provides subscribers with access to every financial disclosure document filed with the Securities and Exchange Commission — annual and quarterly reports, proxy statements, disclosures of top shareholders and much more, a vast storehouse of publicly available financial information, presented in a searchable and uniquely well-organized format.

The website looks like the product of a team of data-crunching experts, but it’s a one-man shop. “This is my thing,” Finnegan, 71, told me. “I’m the only guy. Nothing happens unless I do it myself.”

With a degree in computer science and an MBA from the University of Chicago, as well as about a dozen years of Wall Street experience as an investment banker and a few years as an independent software designer for large corporations, Finnegan launched SEC Info in 1997.

The SEC had placed its EDGAR database online for free after recognizing that doing so would allow entrepreneurs to offer a host of innovative formats and related data services.

Finnegan was one of the pioneers in the field, eventually becoming one of the largest third-party vendors of SEC filings.

Finnegan’s experience opens a window into the consequences of ransomware that don’t get reported much — the impact on small businesses like his, which don’t have teams of data professionals to mobilize in response or a footprint large enough to get help from federal or international law enforcement agencies.

Ransomware attacks, in which perpetrators steal or encrypt victims’ online access or data and demand payment to regain access, have proliferated in recent years for several reasons.

One is the explosive growth of opportunity: More systems and devices are linked to cyberspace than ever before, and a relatively a small percentage are protected by effective cybersecurity precautions.

Data kidnappers can deploy an ever-expanding arsenal of off-the-shelf tools that “make launching ransomware attacks almost as simple as using an online auction site,” according to Palo Alto Networks, which markets cybersecurity systems. Some ransomware entrepreneurs “offer ‘startup kits’ and ‘support services’ to would-be cybercriminals, … accelerating the speed with which attacks can be introduced and spread,” Palo Alto reports.

The advent of cryptocurrencies may also have facilitated these attacks; perpetrators commonly demand payment in bitcoin or other virtual currencies, evidently on the assumption that those transactions are harder for authorities to track than those using dollars. (That may be a false assumption, as it turns out.)