18 May 2026 | Blog
One click. 350,000 affected companies. And the decisions that determined the outcome.
It started on 7 December 2023. An employee at a French IT firm opened a standard email and clicked a single link. What happened next triggered a digital catastrophe that no one could have foreseen. In just 24 hours, an unprecedented domino effect brought more than 350,000 organisations to a complete standstill.
Behind the devastating supply-chain cyberattack was LockBit, widely feared as the most notorious ransomware syndicate in the world. Following a relentless, year-long international investigation led by Europol and the FBI, the gang’s core members were finally tracked down and arrested.
In this gripping new cybersecurity documentary, Don’t Go to the Police, you will follow the chaotic fallout step by step. Packed with exclusive interviews from global intelligence agencies and dramatic reconstructed scenes, this feature reveals the true cost of cyber-extortion. Ultimately, it uncovers how high-stakes decisions made both under extreme pressure and months before the breach defined the final outcome.
What is really at stake
The cyberattack on Coaxis was a stark reminder of the devastating reality of modern cybercrime. It began as a targeted ransomware attack, systems were encrypted, networks were locked, and a substantial ransom was demanded. However, the fallout extended far beyond the IT department.
In a matter of hours, the incident escalated into a full-scale operational crisis. Day-to-day business operations ground to a halt, while the breach rippled outward to cause severe supply chain disruption across networks. Crucially, hard-earned trust with loyal customers and commercial partners was instantly put under immense pressure. Simultaneously, leadership teams were forced to make high-stakes decisions under extreme time pressure, navigating the chaos with limited information while facing severe financial and legal consequences.
The Coaxis incident demonstrates just how rapidly a single security breach can escalate into a systemic crisis felt far beyond a company's own walls. In today’s interconnected digital landscape, total prevention is no longer guaranteed. However, the ultimate severity of the impact and the speed of your recovery is largely determined by the strategic choices made long before the attacker strikes. True cyber resilience isn’t just about building higher walls; it relies on proactive incident response, robust business continuity planning, and decisive crisis management.
Operational impact
The average downtime after a ransomware attack is 3 weeks
The disruption of one or more critical digital systems has a direct impact on daily operations. Systems are unavailable, customer processes grind to a halt, and teams must work in a temporary emergency mode. This has direct consequences for productivity and service delivery.
Supply chain impact
19,000 companies have been compromised in five years.
Two-thirds of these are SMEs. Cybercriminals are increasingly targeting suppliers and partners to gain access to multiple organisations simultaneously. This leads to delivery problems, disrupted dependencies, and a loss of trust within the supply chain.
Financial impact
The estimated global cost of cyberextortion per year is 20 to 30 billion dollars.
The financial damage consists of more than just ransom demands. Business interruption, loss of revenue, recovery costs, crisis management, and potential fines from regulators cause the impact to escalate rapidly.
Reputation impact
60% of customers lose trust after a ransomware attack.
In addition to direct damage, there is also a broader reputational impact. Uncertainty in communication, media attention, and disruption of customer and partner relationships can erode trust and have long-lasting consequences. Even when systems have been technically restored, reputational damage can continue to weigh more heavily in the long run.
Legal impact
72 hours is the time window within which an incident must be reported.
Organisations are required to report data breaches to the competent authorities and to inform data subjects when sensitive data has been leaked. In case of negligence, an organisation may be held liable and additional compliance measures may follow.
Human impact
Crisis management in cyber extortion places heavy pressure on people
Technical, legal, commercial, and reputational issues converge within a small group of employees, particularly IT teams. With limited information and high time pressure, they must make choices with major consequences, especially when personal data has been leaked.
Are you prepared for what comes next?
You cannot prevent every incident. But you can prepare for the choices that influence the outcome. Who makes a decision, when, and based on what information? How do you communicate with customers and partners? And are backups truly out of reach of an attacker?
Organisations that emerge stronger do not improvise under pressure. They have thought through these questions in advance and know what is expected of them when it matters.
You build strong security by thinking ahead together.
Good security begins with forward thinking. Not as a one-off exercise, but as an ongoing dialogue. About choices that are still open, assumptions that have not yet been tested, and questions you would rather answer before they become urgent.
We conduct that dialogue together. At Orange Cyberdefense, we map out where uncertainties remain, what is already well-established, and what requires attention before pressure mounts. From strategy and advice to implementation, monitoring, and response, so you remain in control when it matters most.
Curious which choices are still open in your organisation?
Speak to an expert today