Of all the cyber threats facing businesses this year, ransomware has become the most prevalent. The FBI estimates that the spread of ransomware has reached an all-time high in 2016, costing businesses over $209 million in the first three months alone. No industry is immune to the threat of ransomware, including the legal industry.
A Florida law firm that found itself locked out of its company data unless it paid $2500 was just one of many firms that recently fell victim to this favorite money-making scheme among cyber criminals. Kaspersky Lab estimated that in 2015, 58% of corporate PCs were hit with at least one attempted malware infection.
Lawyers are under both ethical and legal requirements to safeguard the sensitive personal information they are entrusted with. The rise of cybersecurity risks has prompted the American Bar Association (ABA) to initiate Resolution 109, encouraging “private and public sector organizations to develop, implement, and maintain an appropriate security program…” Furthermore, ABA Model Rule 1.6 (c) states, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
So what, exactly, is ransomware and what does it do?
Ransomware is a type of malware that, once installed on a computer, systematically works its way through your company network, silently encrypting every file in its path and rendering it unusable. Once the files are encrypted, the end user receives a pop-up explaining that, unless a specified dollar amount is paid via bitcoin (an online digital currency centered on privacy, making it nearly impossible to trace), the files will not be restored.
How is ransomware installed?
The most common way ransomware gets installed is through email. An end user unknowingly opens an attachment or clicks a link within a malicious email, which immediately downloads and executes the malware program. Clicking malicious links, whether in an email or on a website, can also lead to infection. The encryption process can take several minutes or hours, depending on the amount of data the malware finds.
Once infected, most companies have no option but to pay the requested ransom to restore their files, which can be anywhere from a few hundred dollars to thousands. When the alternative is missing deadlines and court filings, losing client files, or even suffering a loss of reputation, paying the ransom often makes sense. Even the FBI recommends paying up in many cases. Just remember that paying the fee does not guarantee your files will be restored, as criminals are under no obligation to live up to their statements.
How can we prevent this from happening to our firm?
Ransomware and other types of cyber threats are in a constant state of change. While it’s impossible to know exactly how and where they will evolve, prevention is key. Here are a few ways to protect your law firm’s data against ransomware.
- Antivirus – Antivirus is the most basic tool for blocking ransomware. When you consider that over 390,000 new malware variants surface every day, it becomes clear that an antivirus solution should be your first and most basic line of defense.
- Backups – The best method for data recovery is a good backup. While paying the ransom can often be the quickest way to get your information back, the attacker is under no obligation to provide the decryption key after you’ve paid. Restoring your data from a backup is the safest way to get it back and avoid a large pay-out.
- Firewall / Content Filter – Restricting which websites employees can access is an essential security measure every firm should employ. From our analysis, malware typically tries to access sites that deviate from the most commonly accessed domains. We recommend blocking all domains that are not .com, .org, .edu, or .gov sites. This hinders the malware’s attempt to call ‘home’ to get the key it needs to encrypt your files.
- Education – One of the best methods of prevention is end-user education. Since ransomware is most often delivered through email and attachments, knowing how to identify a fraudulent email or a malicious link is paramount.
- Establish security policies & procedures – In a 2015 study by the ABA, 47% of respondents said their firms had no response plan in place to address a security breach. In the event of an attack or even a suspected attack, law firms must have cybersecurity policies in place to guide them through an appropriate response.
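The Firewall / Content Filter item above recommends blocking any destination whose top-level domain is not .com, .org, .edu or .gov. The following added example (written for this article; it is not code from the firm or product the article describes) shows how that rule can be applied as a detection check over web-proxy logs, so that outbound requests from a workstation to destinations outside the allowed TLDs, or to a bare IP address with no domain name at all, are surfaced for review. The log format, the sample lines, the host names and the IP addresses are all constructed for the example; the allowed-TLD set is taken directly from the article.

```python
import ipaddress
import re
from typing import List, Tuple

# TLDs the article recommends allowing; every other destination is flagged.
ALLOWED_TLDS = {"com", "org", "edu", "gov"}

# Constructed proxy log lines (not real traffic) in an assumed format:
# timestamp, client IP, destination host[:port], proxy action.
SAMPLE_PROXY_LOG = """\
2016-05-02T09:14:03Z 10.0.1.22 www.example.com:443 ALLOW
2016-05-02T09:14:09Z 10.0.1.22 docs.example.org:443 ALLOW
2016-05-02T09:15:41Z 10.0.1.37 update.example-cdn.net:80 ALLOW
2016-05-02T09:15:42Z 10.0.1.37 203.0.113.45:8080 ALLOW
2016-05-02T09:16:10Z 10.0.1.37 payload.example.xyz.:443 ALLOW
2016-05-02T09:17:55Z 10.0.1.51 courts.example.gov:443 ALLOW
"""

# One regex for the assumed four-field line layout; malformed lines are skipped.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<dest>\S+)\s+(?P<action>\S+)$")


def normalise_host(dest: str) -> str:
    """Strip a trailing :port and trailing dot, and lower-case the host.

    The constructed log uses hostnames and IPv4 only; bracketed IPv6
    destinations are not handled here.
    """
    host, sep, port = dest.rpartition(":")
    if sep and port.isdigit():
        dest = host
    return dest.rstrip(".").lower()


def classify(host: str, allowed_tlds=ALLOWED_TLDS) -> Tuple[bool, str]:
    """Return (flagged, reason) for a single normalised destination host."""
    # A raw IP destination has no domain name, so a TLD allow-list cannot
    # vouch for it; treat it as outside the policy.
    try:
        ipaddress.ip_address(host)
        return True, "raw IP destination (no domain name)"
    except ValueError:
        pass
    if "." not in host:
        return True, "no TLD (bare hostname)"
    tld = host.rsplit(".", 1)[-1]
    if tld not in allowed_tlds:
        return True, f"TLD .{tld} not in allow-list"
    return False, "allowed"


def flag_outbound(log_text: str, allowed_tlds=ALLOWED_TLDS) -> List[Tuple[str, str, str]]:
    """Parse proxy log text and return (client, host, reason) per flagged line."""
    flagged = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines rather than abort the whole run
        host = normalise_host(match.group("dest"))
        is_flagged, reason = classify(host, allowed_tlds)
        if is_flagged:
            flagged.append((match.group("client"), host, reason))
    return flagged


if __name__ == "__main__":
    for client, host, reason in flag_outbound(SAMPLE_PROXY_LOG):
        print(f"{client} -> {host}: {reason}")
```

Run against the sample log, the check reports three destinations from two workstations: a .net host, a bare IP address, and a .xyz host (the trailing dot and port are normalised away before the TLD is read). A TLD allow-list is a coarse control: legitimate services on other TLDs will need explicit exceptions, and a domain on an allowed TLD is not thereby trustworthy, so this check belongs alongside, not instead of, the backups, antivirus and user education the article lists.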
Ransomware is not a new form of malware and is unlikely to go away anytime soon. It’s easy to create and virtually untraceable. The best way to protect your firm is through prevention and education.