.png)
An access control ransomware attack left the front doors of a commercial building unusable for days—and turned a routine IT incident into an operational and financial gut check.
The story was shared by Joe Gaspardone of Montgomery Technologies, who described the incident during a NexusCon cybersecurity session based on one of his firm’s clients. Early-morning occupants discovered magnetically locked front doors wouldn’t open. Even the physical override failed.
“There was no security guard on site yet, no property management, and the doors just wouldn’t release,” Gaspardone said. “People were standing outside until they figured out how to manually route everyone through a side entrance.” The disruption lasted multiple days. The root cause: ransomware on the access control system server. What escalated the situation was the absence of backups.
“There was no restore option,” Gaspardone said. “The decision became very explicit—pay about $7,200 in Bitcoin, or rip and replace the server and reload the entire system from scratch.” That forced a real-time tradeoff between operational downtime, reputational risk, and capital expense. Paying the ransom might get doors working faster, but without any guarantee. Rebuilding meant higher cost and longer disruption—but full control.
“This wasn’t normal downtime,” he added. “No backup meant there was no safety net.”
The incident underscored a broader point for facility teams: access control systems are no longer isolated physical infrastructure. They are operationally critical, network-connected assets with cyber failure modes that can shut down buildings—not just dashboards.
The full case was shared as part of a NexusCon session focused on real-world OT cyber incidents and their downstream consequences for owners.
If you’d like to learn more, here are some ways to stay updated on stories like this:
An access control ransomware attack left the front doors of a commercial building unusable for days—and turned a routine IT incident into an operational and financial gut check.
The story was shared by Joe Gaspardone of Montgomery Technologies, who described the incident during a NexusCon cybersecurity session based on one of his firm’s clients. Early-morning occupants discovered magnetically locked front doors wouldn’t open. Even the physical override failed.
“There was no security guard on site yet, no property management, and the doors just wouldn’t release,” Gaspardone said. “People were standing outside until they figured out how to manually route everyone through a side entrance.” The disruption lasted multiple days. The root cause: ransomware on the access control system server. What escalated the situation was the absence of backups.
“There was no restore option,” Gaspardone said. “The decision became very explicit—pay about $7,200 in Bitcoin, or rip and replace the server and reload the entire system from scratch.” That forced a real-time tradeoff between operational downtime, reputational risk, and capital expense. Paying the ransom might get doors working faster, but without any guarantee. Rebuilding meant higher cost and longer disruption—but full control.
“This wasn’t normal downtime,” he added. “No backup meant there was no safety net.”
The incident underscored a broader point for facility teams: access control systems are no longer isolated physical infrastructure. They are operationally critical, network-connected assets with cyber failure modes that can shut down buildings—not just dashboards.
The full case was shared as part of a NexusCon session focused on real-world OT cyber incidents and their downstream consequences for owners.
If you’d like to learn more, here are some ways to stay updated on stories like this:
Head over to Nexus Connect and see what’s new in the community. Don’t forget to check out the latest member-only events.
Go to Nexus ConnectJoin Nexus Pro and get full access including invite-only member gatherings, access to the community chatroom Nexus Connect, networking opportunities, and deep dive essays.
Sign Up
Nexus Labs exists to move the smart buildings industry forward, without the fluff.
On Wednesday, we send out the renowned (and free) Nexus Newsletter.
This is a great piece!
I agree.