Ransomware Protection | How to Protect Against Ransomware Attacks?

Posted by Bill Gallivan | Mon, Jun 22, 2020

Cybercrime continues to cast a large shadow across the legal community, especially when it comes to ransomware. Within a single 24-hour period alone, three law firms were targets of such cybercriminal exploits, resulting in stolen data and the potential for sensitive information to be posted in public forums.

Ransomware is one of the most pressing cybersecurity issues facing the legal field today. Law firms are attractive targets for data thieves and other malicious actors because the information stored in their databases is so valuable. Firms cannot afford to let discovery documents, legal briefs, and other information be distributed to the public at large.

Take the proper precautions to protect your firm against ransomware attacks and safeguard both your data and your clients' documents.

What is a Ransomware Attack?

A ransomware attack occurs when a malicious actor deploys ransomware on a victim's system. Upon infection, the ransomware encrypts the victim's files, making them inaccessible. The attacker then demands a ransom payment in exchange for the decryption key.

Ransomware attacks have been on the rise in recent years, with cybercriminals targeting individuals, businesses, and even government organizations. These attacks can have devastating consequences, causing data loss, financial damage, and reputational harm. In some cases, victims may be left with no choice but to pay the ransom to regain access to their files.

A ransomware attack goes beyond simply stealing files and documents: it encrypts the data and prevents the owner from accessing it. The perpetrators then demand a large ransom in exchange for the encryption key. Because encryption is so difficult to crack - virtually impossible with a modern cipher - victims are left with no choice but to pay the ransom.

Of course, there’s no guarantee the attackers will hold up their end of the bargain. Once they realize the victim is willing to pay the ransom, they may turn around and ask for even more money. Or they may simply take the money and run, leaving the data encrypted and inaccessible.

How Does Ransomware Work?

Once ransomware infiltrates a system, it seeks out files to encrypt. It uses encryption algorithms to lock the files, rendering them inaccessible without the decryption key. The attacker then displays a ransom note, instructing the victim on how to make the payment and receive the decryption key.


What are the Different Types of Ransomware Attacks?

Ransomware comes in various forms, each presenting unique challenges and threats to individuals and organizations. Understanding the different types of ransomware is crucial for recognizing and mitigating these cyber threats. Below are some of the most common variants:

Encrypting Ransomware: This type of ransomware encrypts files on the victim's system, making them inaccessible until a ransom is paid for the decryption key.

Locker Ransomware: Locker ransomware locks the victim out of their entire system, preventing access to files, applications, and sometimes even the operating system itself.

Scareware: Scareware doesn't actually encrypt or lock files; instead, it displays intimidating messages or fake warnings that trick users into paying for unnecessary or non-existent services to remove supposed threats.

Doxware (Leakware): Also known as extortionware, this type of ransomware threatens to publish sensitive information stolen from the victim's system unless a ransom is paid.

Mobile Ransomware: Designed specifically for mobile devices, this ransomware targets smartphones and tablets, encrypting files or locking the device until a ransom is paid.

RaaS (Ransomware-as-a-Service): RaaS allows cybercriminals to rent or purchase ransomware kits, enabling even those with limited technical expertise to conduct ransomware attacks.

Why is It So Hard to Find Ransomware Perpetrators?

Finding the perpetrators of ransomware attacks is often a challenging task. Cybercriminals typically employ sophisticated techniques to conceal their identities and cover their tracks. They often operate from countries with lax cybersecurity regulations or use anonymizing technologies, making it difficult for authorities to track them down.

What are the Ransomware Threats Legal Firms Face?

Ransomware attacks are becoming more common - not to mention expensive for their victims. According to the FBI, there were nearly 1,500 incidents reported to the agency in 2018 alone. More alarming than the sheer number of ransomware events is the growing cost of those attacks. Total losses increased 55% between 2017 and 2018, reaching $3.6 million.

Cybercriminals know that attorneys will do everything in their power to retrieve sensitive data, even paying tens of thousands of dollars if need be. As such, legal practices will continue to be at risk for such attacks and need to take proper measures to prevent them and protect their databases.

How Do Ransomware Attacks Breach Law Firms?

The most common way cybercriminals launch ransomware attacks is through phishing emails. This tactic is incredibly effective because it preys upon the ignorance and lack of awareness of employees.

Phishing emails appear to be legitimate at first glance, but they contain links to sites with malicious software or executable files that infect the user’s machine with malware. The average person is largely unaware of the threat that cybercrime poses - not to mention how common ransomware attacks have become. Employees may not recognize red flags or scrutinize emails sent from unknown sources. 

Cybercriminals have been known to use even more sophisticated measures to trick unsuspecting employees into opening phishing emails and infecting their machines. Spear phishing uses social engineering tools to target a specific person or institution. Instead of receiving an obviously suspicious email, spear phishing victims might find one that is addressed to them, references their law firm, or appears to have been sent by a colleague or even their boss. With fewer red flags to spot, it’s much more difficult to screen out these kinds of ransomware attacks.

Once the user has clicked on the link or downloaded the malicious software, there’s no turning back. Their computer, laptop, or mobile device becomes infected with ransomware, compromising whatever data is stored on that machine.

At that point, law firms have two choices: Either pay the ransom and hope for the best, or use system restore tools to retrieve data backups. That second option is only viable if the firm has a comprehensive disaster recovery plan and backup systems in place, which is by no means a guarantee. Once data has been encrypted by ransomware, nothing short of the encryption key will bring it back. 

How to Prevent Ransomware?

  • Implement strong security measures: Use reputable antivirus software, firewalls, and intrusion detection systems to strengthen your network security.
  • Keep software up to date: Patch vulnerabilities by keeping your operating systems and applications up to date with the latest security updates.
  • Restrict user privileges: Limit user access to sensitive files and systems to reduce the potential impact of an attack.
  • Implement email filters: Use email filters that can detect and block potential phishing emails.
  • Monitor network activity: Regularly monitor your network for any suspicious or unauthorized activity.
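
The colleague-impersonation signs described under spear phishing, and the email filter recommended in the list above, can be expressed as checks on a message's headers. The following Python is an added example, not part of the original article; the firm domain, staff name, and both sample messages are constructed, and the function name is hypothetical.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

FIRM_DOMAIN = "example-law.test"  # constructed firm domain
STAFF = {"dana reyes"}            # constructed staff directory, lower-cased

def phishing_findings(raw, firm_domain, staff_names):
    """Return the reasons a raw message looks like colleague impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != firm_domain
    findings = []
    # A colleague's name attached to an address outside the firm.
    if external and display.strip().lower() in staff_names:
        findings.append("display-name-impersonation")
    # A sender domain that is nearly, but not exactly, the firm's own.
    similarity = difflib.SequenceMatcher(None, domain, firm_domain).ratio()
    if external and similarity >= 0.85:
        findings.append("lookalike-domain")
    # Replies routed to a different domain than the visible sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        findings.append("reply-to-mismatch")
    # SPF/DKIM/DMARC verdicts (trust only your own server's header).
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            findings.append(f"{check}-fail")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Dana Reyes" <dana.reyes@examp1e-law.test>
Reply-To: dana.reyes@mailbox.test
Subject: Urgent: revised engagement letter
Authentication-Results: mx.example-law.test; spf=fail; dkim=none

Please open the attached letter today.
"""
LEGIT = """\
From: "Dana Reyes" <dana.reyes@example-law.test>
Authentication-Results: mx.example-law.test; spf=pass; dkim=pass; dmarc=pass
"""

if __name__ == "__main__":
    print(phishing_findings(SPOOFED, FIRM_DOMAIN, STAFF))
    print(phishing_findings(LEGIT, FIRM_DOMAIN, STAFF))
```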

How Can Law Firms Protect Themselves Against Ransomware and Data Leaks?

Traditional cybersecurity measures like antivirus software are unlikely to stop ransomware since those attacks are adept at bypassing those defenses. There are several ways law firms can go about insulating themselves from ransomware attacks and other data breaches.

  • Educate Staffers: First, educate employees about cybersecurity best practices. Staff members are, in many cases, the first line of defense against a cyberattack. That’s especially true when it comes to security incidents involving phishing emails. Being able to recognize the tell-tale signs of malicious activity will make your employees an asset, rather than a liability, in the fight against cybercrime. When law firms establish a strong organizational culture that prioritizes a robust cybersecurity posture, they significantly reduce their threat surface area.
  • Implement a Disaster Recovery Plan: Another recommended step to take is to implement a comprehensive disaster recovery and system restore procedure. You may not be able to guarantee that a cybercriminal will restore data encrypted by ransomware, but you can minimize, if not completely obviate, the loss of those documents.

Backup systems allow law firms to simply retrieve any data that has been compromised so they don’t need to roll the dice on paying the ransom. A good disaster recovery plan goes beyond storing duplicate data on external hard drives: it uses a network of backups to provide both redundancy and diversity. A cloud backup can be especially effective, as long as the cloud provider has an ironclad cybersecurity plan in place.

  • Craft an Incident Response Plan: Law firms should also create an incident response plan so employees know exactly what to do if they have reason to believe their work computers have been infected by ransomware. An incident response plan removes any confusion from the situation and helps organizations remediate threats as quickly as possible.

Above all else, attorneys need to assume that a data breach will happen at some point. New threats are emerging every day, and the cybersecurity community can’t possibly account for every single malware strain and vulnerability before an attack is launched. Plan for the worst-case scenario, and you will never be caught off-guard.

