The attack started because an employee clicked a spearphishing link, a fake link that opened the door to the hackers. They accessed the IT and then industrial networks. The immediate effect was that hackers encrypted data on the victim's networks. The company was unable to read real-time data, prompting a shutdown lasting two days. Both IT and industrial processes were attacked.