How to Protect Against Ransomware Attacks

Posted by Bill Gallivan | Mon, Jun 22, 2020

Cybercrime continues to cast a large shadow across the legal community, especially when it comes to ransomware. Within a single 24-hour period alone, three law firms were targets of such cybercriminal exploits, resulting in stolen data and the potential for sensitive information to be posted in public forums.

Ransomware is one of the most pressing cybersecurity issues facing the legal field today. Law firms are attractive targets for data thieves and other malicious actors because the information stored in their databases is so valuable. Firms cannot afford to let discovery documents, legal briefs, and other information be distributed to the public at large.

Take the proper precautions to protect your firm against ransomware attacks and safeguard both your data and your clients’ documents.


What is ransomware?

Of the many tactics deployed by cybercriminals, ransomware is perhaps the most damaging to law firms. A ransomware attack goes beyond simply stealing files and documents: it encrypts the data and prevents the owner from accessing it. The perpetrators then demand a large ransom in exchange for the encryption key. Because encryption is so difficult to crack - virtually impossible with a modern cipher - victims are left with no choice but to pay the ransom.

Of course, there’s no guarantee the attackers will hold up their end of the bargain. Once they realize the victim is willing to pay the ransom, they may turn around and ask for even more money. Or they may simply take the money and run, leaving the data encrypted and inaccessible.


What are the ransomware threats legal firms face?

Ransomware attacks are becoming more common - not to mention expensive for their victims. According to the FBI, there were nearly 1,500 incidents reported to the agency in 2018 alone. More alarming than the sheer number of ransomware events is the growing cost of those attacks. Total losses increased 55% between 2017 and 2018, reaching $3.6 million.

Cybercriminals know that attorneys will do everything in their power to retrieve sensitive data, even paying tens of thousands of dollars if need be. As such, legal practices will continue to be at risk for such attacks and need to take proper measures to prevent them and protect their databases.


How do ransomware attacks breach law firms?

The most common way cybercriminals launch ransomware attacks is through phishing emails. This tactic is incredibly effective because it preys upon the ignorance and lack of awareness of employees.

Phishing emails appear to be legitimate at first glance, but they contain links to sites with malicious software or executable files that infect the user’s machine with malware. The average person is largely unaware of the threat that cybercrime poses - not to mention how common ransomware attacks have become. Employees may not recognize red flags or scrutinize emails sent from unknown sources. 

Cybercriminals have been known to use even more sophisticated measures to trick unsuspecting employees into opening phishing emails and infecting their machines. Spear phishing uses social engineering tools to target a specific person or institution. Instead of receiving an obviously suspicious email, spear phishing victims might find one that is addressed to them, references their law firm or appears to have been sent by a colleague or even their boss. With fewer red flags to spot, it’s much more difficult to screen out these kinds of ransomware attacks. 
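The spear-phishing signs described above (a colleague's name on a message that did not come from the firm) can also be checked mechanically from the message headers. The following Python sketch is an added example, not part of the original article; the firm domain, staff names, and sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the firm's mail domain and staff directory.
FIRM_DOMAIN = "examplefirm.test"
STAFF_NAMES = {"dana whitfield", "marcus oyelaran"}

# Constructed sample messages (only the headers matter here).
SPOOFED = """\
From: "Dana Whitfield" <dana.whitfield@examp1efirm.test>
Reply-To: accounts@mailbox.test
To: associate@examplefirm.test
Subject: Urgent: revised engagement letter

Please review the attached today.
"""
LEGIT = """\
From: "Dana Whitfield" <dana.whitfield@examplefirm.test>
To: associate@examplefirm.test
Subject: Lunch Thursday?

Are you free at noon?
"""

def _domain(address):
    return address.rpartition("@")[2].lower()

def impersonation_flags(raw_message):
    """Return the reasons a message looks like colleague impersonation."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = _domain(sender)
    external = sender_domain != FIRM_DOMAIN
    flags = []
    # A colleague's name on an address outside the firm's domain.
    if external and " ".join(name.lower().split()) in STAFF_NAMES:
        flags.append("staff display name on external address")
    # Replies would go somewhere other than the apparent sender.
    if reply_to and _domain(reply_to) != sender_domain:
        flags.append("Reply-To domain differs from From domain")
    # Near-miss spelling of the firm's domain (e.g. "1" in place of "l").
    if external and SequenceMatcher(None, sender_domain, FIRM_DOMAIN).ratio() >= 0.85:
        flags.append("lookalike of firm domain")
    return flags

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, impersonation_flags(raw))
```

A check like this belongs in mail filtering or a reporting tool as a prompt for closer review; the 0.85 similarity threshold is an illustrative choice and would need tuning against a firm's real mail.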

Once the user has clicked on the link or downloaded the malicious software, there’s no turning back. Their computer, laptop, or mobile device becomes infected with ransomware, compromising whatever data is stored on that machine.

At that point, law firms have two choices: Either pay the ransom and hope for the best, or use system restore tools to retrieve data backups. That second option is only viable if the firm has a comprehensive disaster recovery plan and backup systems in place, which is by no means a guarantee. Once data has been encrypted by ransomware, nothing short of the encryption key will bring it back. 


How can law firms protect themselves against ransomware and data leaks?

Traditional cybersecurity measures like antivirus software are unlikely to stop ransomware, since these attacks are adept at bypassing such defenses. There are, however, several ways law firms can insulate themselves from ransomware attacks and other data breaches.


Educate staffers

First, educate employees about cybersecurity best practices. Staff members are, in many cases, the first line of defense against a cyberattack. That’s especially true when it comes to security incidents involving phishing emails. Being able to recognize the tell-tale signs of malicious activity will make your employees an asset, rather than a liability, in the fight against cybercrime. When law firms establish a strong organizational culture that prioritizes a robust cybersecurity posture, they significantly reduce their threat surface area.


Implement a disaster recovery plan

Another recommended step to take is to implement a comprehensive disaster recovery and system restore procedure. You may not be able to guarantee that a cybercriminal will restore data encrypted by ransomware, but you can minimize, if not completely obviate, the loss of those documents.

Backup systems allow law firms to simply retrieve any data that has been compromised, so they don’t need to roll the dice on paying the ransom. A good disaster recovery plan goes beyond storing duplicate data on external hard drives and uses a network of backups to provide both redundancy and diversity. A cloud backup can be especially effective, as long as the cloud provider has an ironclad cybersecurity plan in place.


Craft an incident response plan

Law firms should also create an incident response plan so employees know exactly what to do if they have reason to believe their work computers have been infected by ransomware. An incident response plan removes any confusion from the situation and helps organizations remediate threats as quickly as possible.

Above all else, attorneys need to assume that a data breach will happen at some point. New threats are emerging every day, and the cybersecurity community can’t possibly account for every single malware strain and vulnerability before an attack is launched. Plan for the worst-case scenario, and you will never be caught off-guard.


Topics: Best Practices

Written by Bill Gallivan

Bill is a seasoned technology commercialization manager, security & forensic consultant, and submarine officer who founded Digital WarRoom in 2002. He is a strong advocate for making e-discovery accessible to everyone and creating publicly available educational content. Bill serves as President, CFO and Chief Mentor for the Digital WarRoom family.

The content on this blog is not intended to be legal advice.