WPP scrambled overnight to fix a cyberattack that froze many of its systems and essentially idled employees in affected offices on Tuesday.
"We are working with our IT partners and law enforcement agencies to assess the situation, take all precautionary steps and return to normal operations as soon as we can," WPP CEO Martin Sorrell wrote in a memo to staff posted 1 a.m. UTC (see below for full text). "At this time, we have no indication that either employee or client data has been compromised."
Productivity ground to a halt in offices across the globe. TV was watched by some. Beer was drunk by others. For many, it was business as usual.
"Many of you will have experienced significant disruption to your work," Sorrell wrote in his note to staff. "However, contrary to some press reports, WPP and its companies are still very much open for business."
The company itself didn't comment on the breach until late in the day, in which hackers demanded bitcoin to release computers, but it appeared to affect units unevenly, with some hit and others left unscathed.
The attack was confirmed by the holding company Tuesday early afternoon after its website went down and WPP tweeted that "IT systems in several WPP companies have been affected by a suspected cyber attack." In an internal memo Y&R said that as a precaution, "WPP is mandating that everyone immediately shut down all computers, both Macs and PCs. This applies to you whether you are in the office or elsewhere. Working on an office computer remotely is not an option. "
But by early evening, Y&R was telling employees "At this stage, Macs, non-Windows tablets, smartphones and the O365 email system do not appear to be affected. Wherever possible, staff can continue to work on these machines or stay connected to their email via the Outlook app or by logging in to O365 from a phone or tablet."
Importantly, Y&R also said, "At this time, we have no indication that client data has been compromised."
One WPP exec said the attack appeared to not affect systems or computers that had operating system patches distributed by Microsoft in the wake of the last ransomware attack, but some people had yet to install the patch on operating systems. People using Macs were unaffected, this person said, adding that WPP instructed everyone who gets the message asking for $300 in bitcoin for a key to end the attack not to pay the ransom in keeping with the corporate policy.
The situation required workarounds. Some staffers said they used used alternative chat sites, like Whatsapp, to communicate outside email and the computer system. Another said impact from the hack was minimal, with email still accessible throughout the day.
But those that were unable to work in many cases took to Twitter to say how they were passing the time. A few of those tweets are below.
Whole global WPP company is hacked, literally standing around with nothing to do pic.twitter.com/juA0129oIz
— Rich (@rbrack10) June 27, 2017
#wpphack has us watching Parks & Rec while we wait for news @Adweek @AdFreak pic.twitter.com/ZgfOEOHwIm
— Brianna Holmes (@brithebrokegirl) June 27, 2017
We are hacked at GroupM!! I feel like this is a movie 😫 #agencylife #agencyhack pic.twitter.com/WsAM7Uy7Ao
— Chelsea (@chelawhita) June 27, 2017
If you're looking for any #WPP or #groupM enployees they're probably in the Square Pig, Old Nick or Old Queens Head, Holborn #hack #whattodo
— Simon Akers (@Simon83) June 27, 2017
Sorrell's full email to staff reads as follows:
CYBER ATTACK – UPDATE
As you will know, organisations around the world have been hit by a cyber attack. A number of WPP companies – though not all – have been affected.
We are working with our IT partners and law enforcement agencies to assess the situation, take all precautionary steps and return to normal operations as soon as we can. At this time, we have no indication that either employee or client data has been compromised. As you would expect, our companies and teams are in contact with clients on an ongoing basis.
Many of you will have experienced significant disruption to your work. However, contrary to some press reports, WPP and its companies are still very much open for business.
We are a group packed full of highly creative, ingenious and dedicated people. I urge you all to put those qualities to use in making sure that what our clients experience in the hours and days ahead is as close to business as usual as we can possibly manage.
The IT teams in all our companies affected, coordinated by the Group IT function, are working hard to balance the need to protect our systems and the need to bring them back online in a timely fashion. The approach and solution will vary from company to company. It is crucial that you give them your full cooperation and support, and follow their instructions.
Thank you.
Sir Martin Sorrell
Contributing: Jack Neff
~ ~ ~
CORRECTION: An earlier version of this article said hackers had demanded 300 bitcoin, equivalent to roughly $600,000, to unlock affected computers. The correct figure is $300 in bitcoin.