Select your country

Belgium

China

Denmark

France

Germany

Maghreb & West Africa

Netherlands

Norway

South Africa

Spain

Sweden

Switzerland

United Kingdom

Not finding what you are looking for, select your country from our regional selector:

Search

One click. 350,000 affected businesses. And the decisions that determined the outcome.

December 7, 2023. An employee at a French IT company opens an email and clicks a link. What happens next has consequences no one can foresee at that moment. Overnight, more than 350,000 organizations grind to a halt.

Behind the attack is LockBit, one of the most notorious ransomware groups in the world. After a year of intensive investigation by Europol and the FBI, the core members are arrested.

In this documentary, you follow the incident step by step. Through exclusive interviews and reconstructed scenes, it becomes clear how not only the attack itself, but above all the decisions – made under pressure or long before – determined how it ended.

What is truly at stake

The attack on Coaxis was a ransomware incident. Systems were locked and a ransom was demanded. The impact extended beyond IT alone. Operations came to a standstill, supply chains were disrupted, and the trust of customers and partners came under pressure. At the same time, teams had to make decisions under intense time pressure, with limited information and significant consequences.

Incidents like this show how quickly a single attack can escalate into a crisis that is felt far beyond the organization itself. Not everything can be prevented. But the severity of the impact is largely determined by choices made before the incident even occurs

Operational impact

3 weeks is the average downtime after a ransomware attack.

Disruption of one or more critical digital systems has a direct effect on day-to-day operations. Systems become unavailable, customer processes stall, and teams must work in a temporary emergency mode. This has immediate consequences for productivity and service delivery.

Supply chain impact

19,000 companies have been compromised over a five-year period.

Two-thirds of these are SMEs. Cybercriminals increasingly target suppliers and partners to gain access to multiple organizations at once. This leads to delivery issues, disrupted dependencies, and loss of trust within the supply chain.

Financial impact

20 to 30 billion dollars is the estimated global annual cost of cyber extortion.

The financial damage goes beyond ransom demands alone. Business interruption, lost revenue, recovery costs, crisis management, and potential regulatory fines cause the total impact to escalate quickly.

Reputational impact

60% of customers lose trust after a ransomware attack.

In addition to direct damage, there is broader reputational impact. Uncertainty in communication, media attention, and disruption of customer and partner relationships can erode trust and have long-term consequences. Even when systems are technically restored, reputational damage may weigh more heavily over time.

Legal impact

72 hours is the time window within which an incident must be reported.

Organizations are required to report data breaches to the relevant authorities and inform affected parties when sensitive data has been compromised. Failure to comply can result in liability and additional compliance measures.

Human impact

Crisis management during cyber extortion places heavy pressure on people.

Technical, legal, commercial, and reputational issues converge on a small group of employees, particularly IT teams. With limited information and intense time pressure, they must make decisions with major consequences – especially when personal data has been exposed.

Are you prepared for what comes next?

You cannot prevent every incident. But you can prepare for the decisions that influence the outcome. Who makes which decisions, and when – and based on what information? How do you communicate with customers and partners? And are your backups truly out of reach of an attacker?

Organizations that emerge stronger do not improvise under pressure. They have thought through these questions in advance and know what is expected of them when it matters most.

20 April 2026 | Blog

If your company were hit by a ransomware attack and held hostage tomorrow morning, would you pay the ransom?

Read more

18 May 2026 | Blog

How strong is your security if one link in your chain fails?

Read more

19 May 2026 | Blog

How do you prevent one wrong click from becoming decisive?

Read more

Building strong security starts with thinking ahead – together

Good security begins with anticipating what lies ahead – not as a one-time exercise, but as an ongoing dialogue. About choices still to be made, assumptions not yet tested, and questions you would rather answer before they become urgent.

We have that dialogue together. At Orange Cyberdefense, we identify where uncertainties remain, what is already well established, and what needs attention before pressure builds. From strategy and advisory to implementation, monitoring, and response – so you remain in control when it counts.

Curious which decisions in your organization still need to be made? 

Feel free to get in touch.
Van strategie tot uitvoer: jouw cybersecurity in vertrouwde handen
24/7 incident hotline