Hands typing on keyboard
How E.R. Snell weathered a ransomware attack & how you can protect your business

The construction industry is one of the most targeted industries for ransomware attacks, which begs the question: why?

Construction businesses of all sizes are enticing to criminals for a variety of reasons, but simply put, they’re vulnerable. The construction industry has embarked on its digital transformation more slowly than others, so many contractors lack the technology and protocols needed to protect against attacks. In fact, 68% percent of construction firms have minimal or no security measures in place.

Many contractors think their business would never be the target of a ransomware attack. But the truth is cybercriminals have their eyes on construction businesses of all sizes and types, and nothing is off the table — especially for contractors still working without the enhanced security protections of cloud-based software and applications.


A Contractor’s Unexpected Ransomware Encounter

In September 2020, E.R. Snell Contractor, Inc. learned firsthand what it’s like to be the victim of a ransomware attack. It was the Sunday before Labor Day, and alerts started rolling in to notify Justin Snell, vice president of technology, that the company’s antivirus software had been disabled.

“As we looked more closely at the network, we could see that files were being encrypted, and by the time we realized what was going on, all of our servers were hacked,” said Snell.

“The next morning, I was on the phone with the FBI. It was surreal.”

At the time, 90% of E.R. Snell’s software system was on-premise, and 10% was hosted in the cloud. Both servers were backed up daily. The backups were a safety net that could be accessed as part of the company’s recovery plan in case of an emergency.

Unfortunately, in addition to encrypting E.R. Snell’s on-premise servers, the hackers deleted most of the cloud backups. The hackers were also able to compromise an employee’s email account, place a key-logger on the on-premise mail server and gain administrative access. Through the chat service, they then demanded a ransomware payment through bitcoin.

E.R. Snell moved fast and within 24 hours, they hired an incident response team and an attorney, and filed a cybersecurity insurance claim. Multifactor authentication was set up on all critical accounts, including email. During these processes, all backups being held for ransom were recovered, making it possible for the company to ignore the ransom demands.

Snell also engaged Trimble Viewpoint to help move its operations to a much more secure, hosted cloud environment. “The team jumped into action immediately to help and within days were moving data and getting everything set up so we could continue to work,” he said. “All of our critical services were back up within a week.”

Although E.R. Snell avoided paying the ransom, the company paid insurance and betterment fees and lost multiple days of work. E.R. Snell also had to hire an outside accounting firm to rebuild five months of data, which took three months to complete, and an outside information technology (IT) firm to rebuild more than 200 computers.


Proactive Steps to Mitigate Cybersecurity Risks


There are no shortcuts when it comes to mitigating cybercrime risk, but moving construction data and processes to the cloud is a great place to start. After the ransomware attack, E.R. Snell moved 80% of its systems to the cloud.

“In hindsight, it’s something I wish we had done sooner,” said Snell. “Trusting our data to Trimble Construction One is an insurance policy in itself and mitigates a lot of risk.”

Digital information stored in the cloud is more secure than on-premise data storage. Cloud services offer you the ability to easily encrypt data, manage user-level permission controls, and provide single sign-on and multifactor authentication.

Cloud vendors can also help you quickly add new network-based controls and layers in other protections to their software products (and instantly pass those protections to their users) when new threats are identified.

Additionally, these other key tips can help construction businesses lower the risk of a cyberattack:

  • Take steps to prevent phishing — A wide range of cybersecurity attacks, from breaches to ransomware, begin with phishing. It takes just one click on a link or email attachment for ransomware to download to a computer. Build a culture that is constantly aware of data security. Employees should look out for threats as they open every email, visit every website and perform any action on their computing devices. Host training sessions and perform phishing simulations to show employees exactly what to look out for to avoid falling for a scam.
  • Fortify passwords — Cracking weak employee passwords is one of the most common ways cybercriminals access company data. To increase security, mandate that employees use an entire phrase when creating a password. Including spaces between a minimum of four words is a great start, but also try adding in characters, numbers and case-sensitive words. Lengthening and complicating this form of security will make it more difficult for hackers.
  • Enable multifactor authentication (MFA) — MFA requires users wishing to access a network to present multiple means of authentication. The most common implementation of MFA is two-factor authentication (2FA), which partners a traditional password with a smartphone application for authorization. Enabling the MFA feature on all assets is ideal, but at minimum, make sure all high-security logins require employees to verify their identities in more than one way.
  • Maintain immutable backups — It’s also important to maintain immutable backups, which is data that cannot be altered or deleted by anyone in an organization within a specific time window. While primary data systems are available for employees to openly share data back and forth, immutable data is isolated and incapable of being accessed. This data can then be used to restore a system should a ransomware attack happen.


For many construction businesses, a ransomware attack seems like something from a movie. As the story of E.R. Snell illustrates, cyber-risk is real for every construction business. Fortunately, by safeguarding data in the cloud and implementing the right processes across the organization, construction business owners can reduce risk and keep cybercriminals at bay.