New Ransomware Attacks Hit Law Firms Hard, Causing Panic

Several law firms have fallen victim to a new round of ransomware attacks that blackmail firms into avoiding exposure of client data. Learn how you should prepare. 

At the beginning of February, five law firms in the United States were attacked with a new round of ransomware. Of those, three were hit within 24 hours. In two firms, a portion of the firm's data was already posted online within just a few hours, and that information included sensitive client data.

Phillip Baumann with BoomTech, Inc, an IT support company for lawyers and attorneys in Boca Raton, FL shares his insights into these attacks and how they could have been prevented in the first place.

What You Need to Know About the Attacks

The ransomware attacks were based on Maze ransomware, which was part of a warning issued by the FBI in early January this year. In these attacks, the perpetrator, which sometimes poses as a government entity, steals data and then encrypts it. The encryption is then used to further extort victims into doing other things, usually paying money to get the information back or keep it from being shared with others.

This type of ransomware began hitting U.S. companies in November 2019. It often uses look-a-like cryptocurrency sites or malspam campaigns to obtain victim information. Companies feel coerced to simply pay the ransom requested so they can get their data back, often feeling like they do not have any other options.

Victims of this type of attack include these law firms, local government agencies, a college, a CPA firm, and a grocery chain.

The perpetrators will generally post the victim's name on their website, and if that does not result in any movement, they will sometimes release small amounts of information as "proof" that they have access to client data. The hacker states that the data is deleted upon successful payment, but it is virtually impossible to know if that is actually being done.

Keep in mind that anyone that is affected by ransomware in this way is required to notify government regulators and affected users. Law firms may also face legal action from their clients who have had their data compromised.

Tricking Law Firms into the Attack

At this point, it is unclear how law firms are being lured into installing the ransomware on their computers. However, it is likely coming from an email with a malicious attachment. The attackers are certainly wording the email in such a way that it seems to be a legitimate email with a reasonable attachment.

The emails often look very genuine, including professionally designed logos, emails that are similar to actual people that the firms know personally, and contact information for real companies that will appear in a simple internet search. The malicious attachment can be virtually anything-including PDFs, ZIP files, Word documents, Excel files, and more.

As of February 3, 2020, there have now been five known law firms that have been affected by this ransomware within the past week. This ransomware attacker has been known to post in a Russian hacker forum, noting: "Use this information in any nefarious ways that you want."

Increasing Security for Law Firms

Because law firms have fallen victim to this con very recently, it is likely that they will continue to be a target of this scam. It is very important that firms increase precautions for both attorneys and staff when it comes to suspicious emails and attachments. If you are not familiar with the sender or something seems off, be sure to check:

• The actual email address used (not just the name associated with the email address)

• Use of urgent language that would compel you to act quickly

• Whether you have macros enabled through Microsoft Office (you may want to shut off or disable this feature temporarily to increase security)

• That you are using secure remote access points

Train staff to be cautious about emails as well. Team members are more likely to see emails from unknown third parties in many situations, and they should be just as wary as attorneys. Encourage verification through non-email means, such as by phone or text.

© 2023 Lawyer Herald All rights reserved. Do not reproduce without permission.
* This is a contributed article and this content does not necessarily represent the views of lawyerherald.com