2026-05-07 –, Workshops and Stage - Gernsback (C1.05.02)
A real-world ransomware attack on a non-IT company where cybersecurity wasn’t a priority. Learn how incident management and business continuity collapsed under pressure, what really happens during an attack, and the lessons leaders must learn shared from real cases presented at Bsides
Ransomware is no longer an abstract IT risk is an operational crisis. This talk presents a real-life ransomware attack against a large, non-IT industrial company where cybersecurity was not considered a business priority.
Through a chronological breakdown of the incident, we explore how a single phishing email escalated into a full IT blackout, shutting down operations, disrupting production, and paralyzing the business for months. The session focuses on incident management under pressure and the failure and rebuilding of the Business Continuity Plan.
Attendees will gain an inside view of:
What actually happens during a ransomware attack, beyond theory and frameworks
How organizational mindset and management decisions amplify impact
Why missing “basic” security controls turns incidents into disasters
Practical lessons learned during recovery and transformation
This talk is based on a real case, previously presented at BSides Chișinău and BSides Cluj(you can have feedback from the organizers if needed), and is aimed at both technical and non-technical audiences who want to understand ransomware from a business-impact perspective not just a technical one.
Senior Cybersecurity Consultant with over 15 years of experience leading strategic security initiatives across global organizations. I am specialized in aligning cybersecurity governance with business objectives, ensuring compliance, managing risk, and enabling secure innovation. My expertise includes security architecture, regulatory frameworks (ISO 27001, GDPR, NIS2, DORA), and cross-regional project management. I have successfully delivered high-impact programs, audits, and policy frameworks in collaboration with teams from Europe, North America, and Asia. I am also an active member of the local cybersecurity community.