Thu | Sep 16, 2021 | 3:21 PM PDT

Being put on hold by customer service can be incredibly frustrating. Often times, all you want is to ask just one quick question, but you're waiting 30 minutes for another person to pick up the phone.

You listen to the boring tune that plays over and over and you wonder what in the world could possibly be taking so long. 

This week, that long hold time could have been caused by a ransomware attack.

That attack hit TTEC Holdings, one of the largest customer experience companies in the world, which assists with customer support and sales over the phone.

Brian Krebs was tweeting about it:

Krebs also reports that the ransomware appears to be a Ragnar Locker variant, after a file appeared on an employee's Windows start menu titled "!RA!G!N!A!R!"

TTEC ransomware attack

TTEC is still trying to recover from the cyberattack. And in communications so far, TTEC offers at least a few insights into what it is dealing with:

"TTEC is committed to cyber security, and to protecting the integrity of our clients' systems and data. We recently became aware of a cybersecurity incident that has affected certain TTEC systems.

Although as a result of the incident, some of our data was encrypted and business activities at several facilities have been temporarily disrupted, the company continues to serve its global clients.

TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident. We are now in the process of carefully and deliberately restoring the systems that have been involved.

We also launched an investigation, typical under the circumstances, to determine the potential impacts."

Did you notice the company did not say anything about law enforcement? Could this be because of the Ragnar ransomware gang's new tactics?

CPO Magazine recently detailed Ragnar's new approach:

"Ragnar Locker is now threatening to dump these documents if targets contact investigative agencies, send requests to the police or even hire any recovery company. The ransomware gang issued the warning through its own dark web leaks site.

It also warned that it would view the hiring of “professional negotiators” as a sign of “hostile intent,” claiming that negotiation firms can be expected to contact and work with law enforcement agencies as an opening move."

What the company did offer up, however, was an interesting note about data:

"In serving our clients TTEC, generally, does not maintain our clients' data, and the investigation to date has not identified compromise to clients' data.

That investigation is on-going, and we will take additional action, as appropriate, based on the investigation's results. This is all the information we have to share until our investigation is complete."

Last month, TTEC announced its profits hit an all-time high.

Chairman and CEO Ken Tuchman recently spoke to a period of extreme optimism at the company:

"Our record revenue and profitability has us well positioned to achieve significant financial milestones in 2021 and beyond. Our continued velocity in growing our existing client volume and adding new clients has set us up for long-term growth as they leverage the full breadth of our CX offerings." [Note: CX is customer experience]

This week, it is likely the mood is much different as the company responds to the ransomware attack.

[RELATED: Don't miss out on the SecureWorld Great Lakes virtual conference, which includes multiple sessions on the ransomware threat.]

Tags: Ransomware,