Affinity Consulting Blog


Most of us are familiar with the dreaded Crypto-Locker ransomware outbreak that started a couple of years ago and continues with variations today. From the email warning quoted below, it appears that a new ransomware outbreak is targeting lawyers and law firms. This is especially dangerous because the email appears to come from an official state bar or lawyer regulatory organization. Be aware!

Subject: MS-ISAC CYBER ALERT - Malicious Email Campaign Targeting Attorneys Spoofs Emails From Statewide Legal Organizations - TLP: WHITE

MS-ISAC CYBER ALERT

TO: All MS-ISAC Members, Fusion Centers, and IIC partners

DATE ISSUED: June 16, 2016

SUBJECT: Malicious Email Campaign Targeting Attorneys Spoofs Emails From Statewide Legal Organizations - TLP: WHITE

In June 2016 MS-ISAC became aware of a malicious email campaign targeting attorneys, which spoofs emails from statewide legal organizations, such as the Bar Association and the Board of Bar Examiners. The subject and body of the emails include claims that “a complaint was filed against your law practice” or that “records indicate your membership dues are past due.” Recipients are asked to respond to the claims by clicking a link which leads to a malicious download, potentially ransomware.

The emails are well written and appear to originate from the appropriate authority, such as an Association official, likely increasing their effectiveness. Reporting from various states indicates a likelihood that this campaign is personalized to individuals practicing in a particular state and may be progressing on a state-by-state basis. The following states have been referenced in public reporting on this campaign: Alabama, California, Florida, Georgia, and Nevada. This targeting may include attorneys working for state, local, tribal, and territorial (SLTT) governments.

Recommendations:

MS-ISAC recommends the following actions:

•Share this information with potentially impacted organizations your area of responsibility, including Departments of Law/Justice, related law enforcement agencies, and agency-specific offices of counsel.

•Train government legal professionals in identifying spear phishing emails which may include spoofed email addresses, unusual requests, and questionable and/or masked links. This particular series of emails includes what appears to be a link to the state bar association, but when the user hovers over the link it shows that the link is really to a different website. Copying and pasting the link, instead of clicking on it, would defeat this social engineering attempt.

•Perform regular backups of all systems to limit the impact of data loss from ransomware infections. Backups should be stored offline.

•Additional recommendations for protecting against and responding to phishing campaigns are available at https://msisac.cisecurity.org/whitepaper/documents/MS-ISAC%20Security%20Primer%20-%20Phishing[2].pdf.

•Additional recommendations for protecting against and responding to ransomware infections are available at https://msisac.cisecurity.org/whitepaper/documents/CIS%20Primer%20-%20Ransomware.pdf.

•Report any suspicious emails to the Internet Crime Complaint Center (IC3, www.ic3.gov), as well as to the legal organization which is spoofed in the addressed email.

Additionally, please do not hesitate to leverage MS-ISAC to assist you in investigating any targeting affecting SLTT entities in your area of responsibility. MS-ISAC performs a variety of incident response services including log analysis, malware analysis, computer forensics, development of a mitigation and recovery strategy as well as network and application vulnerability scanning. Requests for these services can be obtained by calling 1-866-787-4722 or sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it.

Center for Internet Security (CIS)

Integrated Intelligence Center (IIC)

Multi-State Information Sharing and Analysis Center (MS-ISAC)

Let's Get Started Today

with a plan that's right for your practice.

Let Us Teach You

Take advantage of our blog resources, sign up for our law office technology white papers, take a course from Affinity University, Attend all of our Live Events.

Start Now


Hire Us To Do It For You

Hire Affinity Consulting Group to make your law office run more efficiently than ever… We can deliver the hardware, the software, and the training that is perfect to make your law office more efficient.

Start Now


Work With Us

We can give you expert guidance, helping you make smart choices for your law firm. We can help you analyze your current situation and make suggestions that will point you in the right direction.

Start Now


Sign up for our newsletter and

keep your law office efficient.

Join over 4,000 successful law firms who receive our newsletter today.

Email:

Read Our Previous Newsletters