The Michigan Attack That Didn’t Use Ransomware—And Was Worse

On the morning of March 11, 2026, employees at a company headquartered right here in Kalamazoo County turned on their computers and watched everything disappear. Not encrypted with a ransom demand. Not locked behind a payment screen. Just gone—wiped clean across 200,000 devices in 79 countries before most of the team had finished their first cup of coffee.

The company was Stryker Corporation—one of Michigan’s largest employers and a Fortune 500 medical technology giant. The attack that hit them wasn’t ransomware. It was something newer, quieter, and in many ways worse. And if your business runs Microsoft 365, what happened to Stryker deserves your full attention.

Ransomware You’ve Heard Of. Wiper Attacks Are Different.

Most business owners by now understand the ransomware playbook: hackers break in, encrypt your files, and demand payment in exchange for the decryption key. It’s a terrible situation—but there’s at least a negotiation. A path, however painful, toward recovery.

A wiper attack has no such mercy. Instead of encrypting your data, it destroys it permanently. There’s no ransom note. No decryption key waiting behind a wire transfer. No customer service line on the attacker’s end. The goal isn’t money—it’s maximum disruption.

⚠ What Makes Wiper Attacks So Dangerous: Ransomware leaves data on the disk, encrypted but physically present. Forensic teams can analyze it. Wiper malware overwrites the disk itself. Once it runs, the only recovery path is a clean, offline backup. If you don’t have one, you’re rebuilding from scratch.

This distinction matters enormously for Michigan businesses. Every IT decision you’ve made—your cybersecurity investments, your data management practices, your backup strategy—needs to account for this type of attack, not just ransomware.

How Attackers Used Stryker’s Own Tools Against Them

Here’s the detail that should stop every business owner in their tracks: the attackers who hit Stryker didn’t use exotic malware. They used Microsoft Intune—the same device management platform that thousands of Michigan businesses rely on to manage their laptops, phones, and remote devices.

Investigators believe the attackers compromised administrative credentials within Stryker’s Microsoft 365 environment. Once inside with admin-level access, they used Intune’s built-in remote wipe feature—a legitimate tool designed for IT departments—to factory-reset every enrolled device simultaneously. Over 200,000 systems went dark within hours.

🔍 The Core Lesson: This wasn’t a failure of Microsoft’s platform. Intune did exactly what it was designed to do. The failure was in how administrative access was managed, monitored, and protected. Any business running Microsoft 365 with improperly secured admin accounts faces a version of this same risk.

The attack’s entry point? Likely stolen or phished credentials, which may have been circulating on the dark web long before the attack was executed. This is the new attack model—not breaking through your walls, but walking through your front door with your own keys.

What This Means for Michigan Businesses

You might be thinking: we’re not a Fortune 500 company. Hackers aren’t targeting us. That assumption is exactly what makes smaller businesses vulnerable. Research shows that 43% of all cyberattacks now target small and mid-sized businesses—and SMBs accounted for 70.5% of all publicly disclosed data breaches in 2025. Large companies have hardened their defenses. Attackers have moved down-market.

And as Thomas Holt, director of Michigan State University’s Center for Cybercrime Investigation & Training, noted in the aftermath of the Stryker attack: these incidents rarely stop with a single organization. Supply chains get probed. Service providers get targeted. Small businesses connected to healthcare networks, manufacturers, or government contractors may already be part of someone else’s attack surface without knowing it.

The question every Michigan business owner should be asking right now is simple: who manages and monitors our administrative access? If the answer is uncertain—or “we handle it ourselves”—that’s the conversation to have next.

Three Things That Protect Against Wiper Attacks

The good news: the defenses against wiper attacks aren’t mysterious or enterprise-only. They’re disciplined, consistent practices that any properly managed IT environment should already have in place.

  1. Properly secured administrative accounts. Every Microsoft 365 tenant has admin credentials. Those credentials need phishing-resistant multi-factor authentication, strict access controls, and continuous monitoring for unusual activity, especially large-scale device management commands.
  2. Immutable, offline backups. When a wiper strikes, your backups are your only path to recovery. But backups connected to the same network environment that gets attacked may be wiped alongside everything else. Clean, air-gapped, regularly tested backups are non-negotiable.
  3. Dark web credential monitoring. The Stryker attack likely began with compromised credentials, potentially stolen long before the attack itself. Monitoring the dark web for your company’s exposed usernames and passwords is how you catch the warning signs before attackers can use them.
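
The monitoring for large-scale device management commands described in item 1 can be sketched as a sliding-window check over audit records. This is an added example, not code from the original article or from Microsoft; the record fields, action names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed, simplified record shape (NOT the real Intune audit schema):
# {"time": datetime, "actor": str, "action": str, "device": str}
DESTRUCTIVE = {"wipe", "retire", "delete"}  # illustrative action names

def find_bulk_actions(events, threshold=5, window=timedelta(minutes=10)):
    """Alert once per burst when one actor runs destructive actions against
    `threshold` or more distinct devices inside a sliding `window`."""
    recent = defaultdict(deque)   # actor -> (time, device) pairs in the window
    in_burst = set()              # actors already alerted for the current burst
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in DESTRUCTIVE:
            continue
        q = recent[ev["actor"]]
        q.append((ev["time"], ev["device"]))
        while ev["time"] - q[0][0] > window:   # drop entries older than window
            q.popleft()
        devices = {d for _, d in q}
        if len(devices) < threshold:
            in_burst.discard(ev["actor"])      # burst over, re-arm the alert
        elif ev["actor"] not in in_burst:
            in_burst.add(ev["actor"])
            alerts.append({"actor": ev["actor"], "window_start": q[0][0],
                           "alert_time": ev["time"], "devices": len(devices)})
    return alerts

def sample_events():
    """Constructed audit records: routine helpdesk work plus one burst."""
    t0 = datetime(2026, 1, 1, 9, 0)
    ev = [{"time": t0 + timedelta(hours=i), "actor": "helpdesk@example.com",
           "action": "wipe", "device": f"LT-{i}"} for i in range(3)]
    ev += [{"time": t0 + timedelta(minutes=30, seconds=30 * i),
            "actor": "admin@example.com", "action": "wipe",
            "device": f"PC-{i}"} for i in range(8)]
    ev += [{"time": t0 + timedelta(minutes=i), "actor": "admin@example.com",
            "action": "sync", "device": f"PC-{i}"} for i in range(20)]
    return ev

if __name__ == "__main__":
    for alert in find_bulk_actions(sample_events()):
        print(alert)
```

On the constructed data, the three helpdesk wipes spread over hours raise nothing, while the admin account's burst triggers a single alert at the fifth device, early enough to suspend the account before the remaining commands complete.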

Take the Next Step

If you’re a Michigan business owner running on Microsoft 365 and you’re not certain your administrative access is properly secured, your backups are truly isolated, and your credentials are being monitored on the dark web—those are three conversations worth having before they become one very expensive emergency.

Lyons Technology Solutions helps Michigan businesses build enterprise-level cybersecurity without the enterprise-level complexity. Our team provides data backup and disaster recovery solutions and dark web monitoring designed specifically for Michigan businesses that don’t have an in-house IT department.

Schedule your complimentary IT consultation at lyonstechnology.net/contact — no pressure, no obligation, just clarity on where your business stands.