What Every Lawyer and Law Firm Can Do to Combat Ransomware
by Brad Paubel
Ransomware is a massive problem. A $20 billion problem in 2021, to be exact. Any business and organization can be a target—including and especially law firms. That’s because, like banks and hospitals, law firms possess a significant amount of sensitive data entrusted to them by clients. That can prove irresistible to ransomware hackers, who are increasingly organizing sophisticated operations that run like a business, except their focus is cybercrime.

There is also much at stake for any business that falls victim to a ransomware attack. In addition to having sensitive information fall into the hands of organized criminals, those bad actors can demand as much as $700,000 per server to release data. The average total ransomware amount paid is now around $1.2 million per incident. There is also the uncertainty as to whether cyber criminals can be trusted to decrypt the data when a ransom is paid and not sell it on the so-called dark web to other nefarious individuals.

Thankfully, there are ways lawyers and law firms can protect themselves to both prevent a ransomware attack and even stop one that’s in progress before a situation becomes dire. In addition, it is not always necessary to pay a ransom—but that will depend on how quickly a breach attempt is spotted and stopped.
How Ransomware Works

Ransomware attacks happen when a bad actor tricks someone in an organization into clicking on a link or downloading a file that installs a virus on their computer. This activity is called “phishing” and can involve hundreds of attempts against any computer user on a given network. Once downloaded, that malware will start to encrypt all the files on that individual’s computer—and then move on to any system connected to that computer. The malware does not stop with one computer or device: anything on the same network will soon be vulnerable.

These attacks are organized and directed. Sometimes there are hundreds of people working together to penetrate a particular business. They also do their research and will tailor ransom demands to the size and revenues of the designated target.

Once a network is infected and as many files as possible are encrypted, users will receive a ransom demand asking for payment of a certain amount of money—usually in Bitcoin or another untraceable cryptocurrency—to have the attackers decrypt the files. Previously, paying the ransom would unlock the data. More recently, however, ransomware criminals have taken ransom payments and unlocked files but then also kept the data and offered it for sale on the dark web. That is yet another reason why preventing a ransomware attack in the first place is so important.

Attorney Journals Orange County | Volume 188, 2021
Early Signs of a Ransomware Attack

A ransomware attack does not happen without visible signals that, if noticed, can prevent substantial damage from happening. These are the most common warning signs:

• An increase in phishing attempts. If a firm’s lawyers and staff start noticing a significant uptick in spam emails, that could be a sign bad actors are looking for ways to plant malware. Since it only takes one person clicking on a bad link or mistakenly downloading a virus-laden file to potentially infect an entire network, any increase in phishing attempts should immediately set off alarm bells.
• Unauthorized access alerts. A firm’s network administrator may see an increase in unauthorized access attempt notifications. Individuals could also receive emails letting them know someone has tried to reset their passwords. This activity could indicate a ransomware attack is underway.
• Virus protection alerts. If an outside bad actor is trying to place malware on someone’s computer, any installed virus protection software may raise an alert