The phrase “ransomware” sounds scary enough already, but for law firms it is even more ominous.
That’s because firms are entrusted with large amounts of confidential and sensitive data belonging to their clients and others. The consequences can be dire indeed if this information is seized and held hostage.
Recently, hackers have taken this approach, with at least five firms being attacked in January 2020.
“The attacks are part of a coordinated effort potentially affecting nearly 200 victims,” writes attorney and risk management expert Seth Laver for Professional Liability Matters. “Rather than delivering a ransom note to the infected system and waiting for payment, the recent hackers are publishing the victim’s name on a public website. If the victim does not pay, the hackers post a small amount of stolen data–client data–online as proof. Still won’t pay? Then the hackers slowly publish the client’s remaining data. The hackers are leveraging the target law firm’s obligation to maintain client data and to make the impossible decision of paying the ransom or publicly expose a client’s information.”
Today’s Cybercriminals are getting more and more sophisticated. Alta Pro invites you to join in on a conversation with attorneys Kevin O’Hagan and Jamey Davidson, recognized thought leaders in Data Breach and Cyber Liability. The FREE one-hour CLE webinar “10 Things Lawyers Should Know About Cyber Liability” will be presented Tuesday, March 31 (12 PM Central/1 PM Eastern). This webinar is approved for one hour of free CLE credit as a benefit of your Alta Pro RPG membership. Seats are limited, so reserve yours today.
The threat to law firms and their clients has “magnified substantially,” Laver reports. The ransomware of choice in the January attacks was apparently Maze software.
“The FBI warned of Maze in December 2019, and called for vigilance to combat this particular attack which began hitting the US in November 2019,” according to Professional Liability Matters. “According to the FBI, Maze used multiple methods for intrusion, including spam communications that impersonate government agencies and others. Of course, Maze is just one of different strains of ransomware emerging of late.”
Hackers can’t cause damage without first breaking into your network. They do that by delivering ransomware imbedded in emails with PDF, ZIP, Word, Excel attachments.
“Opening a malicious attachment may deploy the ransomware immediately or in the future,” Laver writes. “We don’t yet know the exact nature of these attacks, but it is generally understood that the vulnerability is the point of access and therefore the need to take precautions to shore up phishing security.”
Risk Management Takeaways:
- Sign up for the FREE webinar “10 Things Every Lawyer Should Know About Cybersecurity in 2020.” The program is presented on March 31. It carries one free hour of lawyer CLE credit. Sign up here.
- Train your staff to identify and report suspicious emails: “think before you click.”
- Learn about emerging threats and attack mechanisms.
- Contact the sender directly if the email directs you to transfer money or if red flags go off for other reasons.
- Purchase cyber liability insurance.
If you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan, you can stay a step ahead of the competition by being a member of Alta Pro Lawyers RPG. You’ll get access to free webinars, the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.