A ransomware attack doesn't always announce itself with flashing warnings and locked screens. Sometimes it starts with a quiet system outage, a few unavailable servers, and a sinking realization days later that the threat actors were already inside. This conversation pulls back the curtain on what really happens when an organization believes it's dealing with routine failures only to discover it's facing a full-scale cyber extortion event.

My guest today is Zachary Lewis, CIO and CISO for a Midwest university, a 40 Under 40 Business Leader, and a former Nonprofit CISO of the Year. Zachary shares the inside story of a LockBit ransomware attack that unfolded while his team was still building foundational security controls, forcing real-time decisions about recovery, disclosure, negotiations, and whether paying a ransom was even an option.

We talk about the shame that keeps many cyber incidents hidden, the emotional weight leaders carry during these moments, and the practical realities that don't show up in tabletop exercises from buying bitcoin to restoring systems when password managers are encrypted. It's an honest, grounded discussion about resilience, preparedness, and why sharing these stories openly may be one of the most important defenses organizations have.

Show Notes:

• [04:05] Zachary Lewis explains why the absence of an immediate ransom note delayed suspicion of an attack.
• [06:00] The first technical indicators suggest something more serious is unfolding.
• [07:45] Discovering encrypted hypervisors and realizing recovery won't be straightforward.
• [09:30] Zachary outlines when data exfiltration became a real concern.
• [11:05] Receiving the LockBit ransomware note confirms the organization has been compromised.
• [12:55] The 4:30 a.m. phone call pushes leadership into full crisis mode.
• [14:40] Zachary reflects on managing fear, responsibility, and decision fatigue mid-incident.
• [16:20] Executive expectations collide with technical realities during the breach.
• [18:05] Why "doing most things right" still doesn't guarantee protection.
• [19:55] Cyber insurance begins shaping early response decisions.
• [21:35] Bringing in incident response teams and legal counsel under tight timelines.
• [23:20] Zachary describes working with the FBI and understanding jurisdictional limits.
• [25:10] What law enforcement can and cannot realistically provide during ransomware events.
• [26:50] Opening communication channels with the threat actors.
• [28:35] The psychological pressure behind ransomware negotiations.
• [30:10] Attacker-imposed timelines force rapid, high-stakes decisions.
• [31:55] Zachary walks through the practical challenges of acquiring cryptocurrency.
• [33:40] Why encrypted password managers created unexpected recovery barriers.
• [35:15] Determining which systems could be restored first—and which could not.
• [37:00] Lessons learned about backup integrity and offline recovery.
• [38:45] The importance of clear internal communication during uncertainty.
• [40:25] Balancing transparency with legal and reputational concerns.
• [42:10] How staff reactions differed from executive responses.
• [43:55] Zachary discusses the stigma that keeps many ransomware incidents quiet.
• [45:40] Why sharing breach stories can strengthen collective defenses.
• [47:20] MFA gaps and configuration issues exposed by the attack.
• [49:05] Why tabletop exercises fall short of real-world incidents.
• [50:50] Long-term security changes made after recovery.
• [52:30] Zachary offers advice for CISOs facing their first major incident.
• [54:10] What preparedness really means beyond compliance checklists.
• [56:00] Why resilience and recovery deserve equal priority.
• [58:30] Final reflections on leadership, accountability, and learning in public.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Zachary Lewis - The Homesteading CISO
• Zach Lewis - LinkedIn