Late on a Tuesday night, ransomware began quietly moving through a local transportation company's network. By the time anyone noticed the next morning, it was nearly 11 AM. Ten computers. A server. Years of dispatch and reservation data. An entire operation that keeps vehicles moving across the island, suddenly in jeopardy.
This is a real call we responded to. We're sharing it because the details matter, and because the same vulnerabilities that hurt this business exist in a lot of other places around Oahu.
How the Attack Unfolded
The infection appears to have started between 9 and 10 PM on January 29th. Ransomware typically spreads quietly at first, working through shared drives and mapped network folders before anyone is awake to notice. By the time the business opened the next morning and called us, the malware had been running for hours.
We arrived on site to find 10 affected machines: 8 running Windows 7, 2 running Windows 11. System files were encrypted. Workstations were barely functional. Our security software wouldn't install on several of them because the underlying OS was too damaged.
There was also an external hard drive that may have been used for backups. We checked it. The files were corrupted and couldn't be used for recovery.
The One Break That Saved Them
Here's where things got lucky, and we don't use that word lightly.
The company's database files, the ones running their dispatch and reservation software, were open and actively in use at the time of the infection. Ransomware typically can't encrypt a file that's locked by a running application. Because of that timing, the live database survived intact.
Several workstations also had local copies of the software's front-end files that the malware missed. We were able to copy those front-end files back to the server and redeploy them to each workstation, restoring access to the database.
That's the recovery. The rest of the encrypted files, documents, local data on the desktops, anything that wasn't part of that live database, was gone. No decryption key. No ransom paid. No recovery.
Why Windows 7 Made This Worse
Windows 7 reached end of life in January 2020. Microsoft stopped issuing security updates, which means every vulnerability discovered since then has remained unpatched on those machines. That's over six years of open doors.
Older operating systems are a primary target for ransomware precisely because attackers know the patches will never come. Once one machine on a Windows 7 network is compromised, the others are easier to reach.
This business also runs legacy dispatch software that requires Microsoft Access 97, a database platform from the late 1990s. That dependency created a real bind: upgrading to Windows 11 would break the software they rely on to operate. So the machines stayed on Windows 7, and the exposure kept building.
This is one of the most common traps we see with small businesses. The software is old but it works, so nobody wants to touch it. The update gets deferred. And then something like this happens.
Where Things Stand Now
We ended the emergency call with as many machines as possible restored to working order, focused on one goal: get the database accessible again. That goal was met.
But the network is still in a compromised state. Machines that were hit hard are barely running. Security software couldn't be fully deployed across the fleet. The priority was operational continuity, not a clean rebuild.
That's a hard truth. In a ransomware response, sometimes you're choosing between "done right" and "done now," and the business can't afford to be down while you do it right. We made the call to get them operational first.
The Road Ahead
The honest answer is that surviving a ransomware attack doesn't mean the problem is solved. It means you bought time. Here's the full plan for this client:
Reload all machines with Windows 11. Once the dispatch software situation is resolved, every workstation gets a clean install on a supported operating system.
New server running Windows Server 2025. The current server is outdated. A modern server means better security controls, proper user permissions, and a foundation that can actually be defended.
Upgrade the dispatch software. The goal is to move to something modern, either a newer version of the application that works with current Microsoft Access, or a platform that doesn't depend on Access at all. That dependency is the root of the upgrade problem, and it has to go.
A real backup solution. The external hard drive they were relying on for backups failed them. A robust backup setup means automated, offsite, tested backups. Not a drive that sits next to the server and gets hit by the same attack that hits everything else.
What This Means for Your Business
If you're running old hardware or software because it still technically works, this story is for you. Windows 7 is not a minor inconvenience. It's an open vulnerability. And if your backups haven't been tested recently, you may not actually have backups.
You don't have to upgrade everything at once. But you should know where your risks are.
If your computers haven't been reviewed in a while, or if you're running legacy software and not sure what your options are, give us a call. We work with small businesses all over Oahu and we'll give you a straight answer about where you stand. Reach the Cowabunga! Computers team at 808-468-4416 or send us a message at https://www.smartcows.com/contact.