Fraud Alert: Law Firms targeted with Ransomware
As I’m sure many of you will have seen, a concerning survey came out this week which revealed that legal firms are falling victim to a form of cyber crime known as Ransomware, and worryingly in many cases are actually knowingly paying money to cyber criminals in order to regain access to their confidential client data.
I therefore wanted to make sure all my contacts at Law Firms were aware of what is happening, as it seems that law firms are the latest perceived “soft target” for these money making cyber criminals.
For those who aren’t aware, ransomware is a form of malicious software (malware), which effectively hijacks your firm’s data by encrypting it, rendering it unusable. The cyber criminals then demand payment of a ransom in order to provide the security key needed to decrypt your data.
The impact of such an attack can be devastating to the financial and structural stability of a law firm. To give you a flavour of the impact, the newly published survey conducted by Timico and Datto, which included 250 law firms and 750 other UK businesses, revealed that:
• 88% of law firms who were hit by this kind of attack experienced systems downtime of a week or more.
• 33% of law firms lost access to their data for more than a month, while 14% said it was “unrecoverable”.
• The effects of the attack were almost instant, with 68% stating their data systems went from fully functional to essentially useless within seconds or minutes.
• 53% estimated it cost their firm between £1000-£2000 a day in lost revenue, due to systems being down. A third of law firms could not estimate the overall cost to their business, describing it as “unquantifiable”.
• More than a quarter of law firms ended up paying cyber criminals £5000 or more to retrieve their data.
On top of the operational and financial impact of such an attack, the access to a firm’s confidential client data by an unauthorised outsider also poses a significant threat to client confidentiality and therefore SRA compliance. Furthermore it also risks a breach of data protection compliance and, with the imminent arrival of the stringent requirements of GDPR, this in turn not only risks significant fines but also leaves the firm open to massive reputational damage.
Be under no illusion, ransomware is big business for the cyber criminals behind it, as it provides them with a relatively easy way to earn large sums of money quickly. According to the Trustwave Global Security report, the return on investment for ransomware authors and practitioners is estimated to be over 1400%, which helps to bring clarity as to why this threat is so prevalent and is growing at such an alarming rate. Compared with other types of cybercrime, ransomware is also relatively low risk to the attacker, with none of the complications of trying to sell on stolen information, and payments being made in the near-untraceable “Bitcoin” currency.
Naturally, criminals are trying to maximise their income from this business, and targeting law firms offers them a much higher margin opportunity, since higher ransoms can be charged for the business critical and confidential client data that law firms will be storing on their computers.
It is also significant that according to the recent research, legal firms were more likely to pay crooks to access their encrypted data than those in the three other sectors surveyed – retail, leisure and hospitality and banking and insurance. This would seem to suggest that many law firms have not fully assessed or planned for the risks around such an attack and as such are being perceived as a “soft target”. It is also worth noting that in some cases firms have paid ransoms but their data has not been decrypted, leaving them bearing both the financial losses of the ransom and the impact of losing their data.
While some law firms see threats like ransomware as a reflection of the digital age in which we now live, the reality is that such threats have been around since the days of the Highwayman, they just take a slightly different form in the modern era. Sadly, there will always be criminals who are looking to capitalise on the success of others, in order to earn a dishonest living for themselves, and of course they will target those who are least prepared and most vulnerable.
Does this mean that law firms should abandon or shy away from the use of modern technology? Absolutely not. That could be likened to saying you won’t buy a home because some houses get burgled. The reality is, just as you’d make your home more secure against a break-in, so law firms need to make their businesses more secure against cyber threats, and where they do not have the technical expertise in-house to do so, take expert advice from a security specialist.
As someone who runs a secure private cloud solution for Law Firms, understanding cyber security threats such as ransomware, and implementing the complex blend of technologies, processes, procedures and training that are needed to minimise the risks from these threats, are paramount to my firm’s success.
If you would like to discuss ways in which Xara Computers can help you reduce your law firm’s risk from cyber security threats, please do not hesitate to contact me, or my colleague Andrew Banning, on 0208 732 5656 or email us on firstname.lastname@example.org or email@example.com