Ransomware will cost the economy $20 billion in 2021 — and the legal industry is not immune from this threat. In fact, lawyers, legal staff, law firms and court systems are rich targets for cybercriminals because they are trusted with a significant amount of sensitive data.
People may think there are no signs that a ransomware attack is imminent until it is too late, but that’s not the case. Here are some of the early signals that lawyers and staff can watch for to help prevent an attack.
Ransomware attacks happen when a bad actor, a cybersecurity adversary interested in attacking information, phishes — in other words, tricks someone in an organization into clicking on a link or downloading a file that then installs a virus on their computer. It can involve hundreds of attempts against any users on a given network. The frightening part is only one attempt needs to work for the attack to be successful. Once downloaded, the malware will start to encrypt all the files on that individual’s computer — and then move on to any connected system.
Users will eventually receive a ransom demand asking for payment of a certain amount of money — usually in bitcoin or another untraceable cryptocurrency — to decrypt the data. Previously, paying the ransom would solve the problem. More recently, however, bad actors have taken payments and unlocked files but kept the data for sale on the so-called dark web. (They are, after all, criminals.) This outcome is another reason why spotting the early signs of a ransomware attack in the first place is so important.
These are the common warning signs of an imminent ransomware attack that a firm should educate lawyers and staff to watch for:
“Previously, paying the ransom would solve the problem. More recently, however, bad actors have taken payments but unlocked files and kept the data for sale on the so-called dark web.”
Everyone in a law firm should be trained to recognize the early signs of a ransomware attack. There are tools available that will send fake phishing emails to simulate a ransomware attack, test for vulnerabilities and provide valuable information to use in adapting training efforts around common pitfalls.
Any initial sign of a ransomware attack should prompt a user to immediately disconnect from the law firm’s IT network by removing both hardwired (LAN) connections and Wi-Fi access. Once it’s completely disconnected from any other system, the computer can be assessed for possible damage. There are services that will do this, but if cost is an issue, software is also available. However, any trace of the malware must be found and removed, or it will just spread again.
In addition to training staff and lawyers on how to recognize a ransomware attack and what to do if they suspect it’s happening, a firm should regularly back up all its data — preferably to the cloud or an off-site location. That way, if there is an attack, a clean backup is available to reinstall once every trace of malware is removed from the on-site systems. Cloud backup services also regularly scan data for known malware and other viruses, and this acts as a stopgap to any measures a firm has in place.
Ransomware attacks against law firms are only going to increase. Sooner or later, a phishing attempt will sneak in. That’s why everyone should know to watch for the early signs of an infection and how to respond to mitigate potential damage.
