Due to the high volume of sensitive information they hold, law firms are often the victims of cyber-attacks. Black Fog data collected by a data-protection site found that ransomware attacks increased up to 49 percent in the first half of 2022. This trend is expected to continue. The report stated that 2.3% of ransomware attacks were in the legal industry, making it the UK’s fourth most targeted industry in 2022. A further increase is expected. In 2022, the USA had the most attacks, with 36 incidents reported. The UK was second with seven incidents. Ransomware is so popular that ransom demands have increased, adding to the financial damage to a business.

The government could freeze the assets of a company that pays the ransom. This is because the government views this as funding criminal activities.

Ransomware comes in different types with different risks. The most common is crypto-ransomware, which leaves the company unable to access its files and content without the decryption keys. The legal industry is obligated to keep the files of clients and companies confidential, which can make it tempting to cave in. Lockers, another type of ransomware, lock the company out of its systems and show a lock screen that displays the ransom demands, often with a timer to escalate the situation. Scareware, or fake software that claims to detect a virus, will ask you to pay if you want to fix the problem. It can take the form of a locked computer or an influx of pop-up alerts.

Ransomware gangs do not discriminate based on company size or revenue, so anyone is vulnerable. The same amount of money was targeted by ransomware gangs as companies with revenues less than £3 million. Small businesses often lack the necessary resources to protect themselves from these attacks, putting them at risk. Larger companies will have a greater number of sensitive documents and the money to pay a ransom.

These criminal organizations are attracted to the personal information held by legal firms, causing a rise in attacks. The threat of cybercrime is a warning to the legal sector that sophisticated security measures are needed.


Law firms that have been attacked

Not all ransomware incidents result in the recovery of data. These gangs have a reputation for being ruthless, intelligent and calculating. The gangs are also confident that their threats will be taken seriously, which leads to an increase in the monetary demands.

  1. In 2020, a ransomware gang issued a serious threat to Grubman Shire Meiselas & Sacks, a law firm that provides legal services for the entertainment and media industry. The ransomware group initially demanded $21 million. This was soon doubled. The group used the fact that the firm represents several celebrities to its advantage, leaking information on Lady Gaga. The FBI told Grubman Shire Meiselas & Sacks not to pay any money at all. The firm eventually recovered most of the data, but some remains lost.
  2. In 2023, a ransomware group targeted HWL Ebsworth, one of Australia’s biggest law firms. HWL Ebsworth is Australia’s biggest bank and also represents the federal government, making it a desirable target for gangs. The breach was revealed to the public when the gang claimed they had over 4TB worth of data. According to ABC News, a portion of this data was published at a later date with the message: “Enjoy!!


The preventative measures to be taken

It is more effective to prevent these attacks than to try to counteract an attack after it has already taken over the software. Once the malware has entered the network, the damage is done. You are now at the mercy of the cyber-thief. You have two options: either allow the data to get stolen, or compromise the integrity of your business and customer information. You can pay a ransom for the data to be restored, but this could lead to legal implications. Make sure you have security measures in place to protect both your files and clients.


Your legal obligations when dealing with ransomware

In May 2019, the UK imposed financial sanctions in accordance with the Cyber Sanctions regime. Here, the goal was to stop cyber activity that would compromise national security. Assets will be frozen and travel bans will be imposed on the person who caused the breach, making any money that the criminal organization had gained from ransomware inaccessible.

Reporting ransomware to Action Fraud is the first thing you should do when dealing with it. HMG will investigate if the incident has been reported, especially if ransomware payments have been made. The prosecuting authority will decide if prosecution is necessary based on the findings of the investigation.

Paying the ransom is not recommended by the government as it compromises security and encourages criminals. It also does not guarantee the attackers will restore the data, as 20 percent of the organisations that paid the ransom were unable to recover their files.

To reduce the likelihood of becoming their next victim, ensure that files and software are secure.
