Of all the cyber threats facing businesses this year, ransomware has become the most prevalent. The FBI estimates that the spread of ransomware has reached an all-time high in 2016, costing businesses over $209 million in the first three months alone. No industry is immune to the threat of ransomware, including the legal industry.
A Florida law firm that found itself locked out of its own data unless it paid $2,500 was just one of many firms that recently fell victim to this favorite money-making scheme among cybercriminals. Kaspersky Lab estimated that in 2015, 58% of corporate PCs were hit with at least one attempted malware infection.
Lawyers have a responsibility to protect their clients’ personal information, and so they are under both ethical and legal requirements to safeguard it. The rise of cybersecurity risks prompted the American Bar Association (ABA) to adopt Resolution 109, encouraging “private and public sector organizations to develop, implement, and maintain an appropriate security program…” Furthermore, ABA Model Rule 1.6(c) states, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
So what, exactly, is ransomware and what does it do?
Ransomware is a type of malware that, once it runs on a computer, encrypts the documents it can reach: first the files on that machine, then any mapped drives and network shares the logged-in user has write access to, which is how one infected PC can take down a whole firm’s document store. Encrypted files are unusable without the decryption key. Once the encryption is done, the end-user sees a pop-up (and usually a ransom note dropped into every affected folder) stating that, unless they pay a specified amount via bitcoin, their files will not be restored.
How is ransomware installed?
Email is the most common delivery vector for ransomware. An end-user unknowingly opens an attachment or clicks a link within a malicious email, which downloads and executes the malware immediately; the same thing can happen from a malicious link on a web page. The encryption process can take anywhere from several minutes to hours, depending on how much data the malware finds, and it typically runs silently until the ransom note appears, so early detection of unexpected file changes matters.
Once infected, a company without a usable backup has little option but to pay the requested ransom to restore its files. Ransom demands can range anywhere from a few hundred dollars to thousands. When faced with paying the ransom versus missing deadlines, court filings, client files or even loss of reputation, paying often looks like the rational choice, and individual FBI agents have been quoted saying that victims frequently end up paying, although the FBI’s published guidance does not endorse paying. Just remember, if you pay the ransom you are not guaranteed to have your files restored. Cybercriminals are under no obligation to live up to their statements.
How can we prevent this from happening to our firm?
Ransomware and other types of cyber threats are in a constant state of change. While it’s impossible to know exactly how and where they will evolve, prevention is key. Here are a few ways to protect your law firm’s data against ransomware.
- 1) Education – One of the best methods of prevention is end-user education. Since the preferred delivery of ransomware is through email and attachments, understanding how to identify a fraudulent email or a malicious link is paramount.
- 2) Backups – The best method for data recovery is having a good backup. While paying the ransom can often be the quickest method to getting your information back, the attacker is under no obligation to provide the decryption key after you’ve paid. Restoring your data from a backup is the safest way to get your data back and avoid a large pay-out. Two caveats: a backup that sits on a mapped drive or an always-connected USB disk will be encrypted right along with the originals, so keep at least one copy offline or on storage the workstations cannot write to, and test a restore periodically so you learn the backup is broken before you need it.
- 3) Firm Policies & Procedures – In a 2015 study by the ABA, 47% of respondents said their firms had no response plan in place to address a security breach. In the event of an attack or even a suspected attack, law firms must have cybersecurity policies in place to guide them through an appropriate response.
- 4) Firewall / Content Filter – Restricting which websites employees can access is an essential security measure every firm should employ. From our analysis, malware typically tries to reach sites that deviate from the most commonly accessed domains. We recommend blocking all domains that are not a .com, .org, .edu or .gov site. This can hinder the malware from calling ‘home’ to fetch or report the key it uses to encrypt your files. Two caveats: blocking by top-level domain is a blunt tool, since attackers also host on compromised .com sites, and some ransomware families generate their keys locally and encrypt without ever contacting a server, so outbound filtering buys time and visibility but is not a substitute for backups.
- 5) Bait folders – One option for limiting the spread of ransomware is to create bait folders (often called canary or honeypot folders). A bait folder is simply a decoy folder, seeded with decoy documents that no legitimate user ever touches, that resides on the firm network or on PCs and is closely monitored. Any change to its contents can then generate an alert to the monitoring party or trigger a rule that immediately shuts down the network shares, stopping the malware from spreading further. Because most ransomware walks the file system in directory order, naming the bait folder so it sorts first (for example with a leading “!” or “aaa”) means it is hit early. This can spare a large portion of files from being encrypted and reduce the amount of time needed to restore from backup.
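The bait-folder idea in item 5 can be implemented with very little code. The script below is an added example written for this article, not a tool the article’s authors ship: it plants decoy documents in a canary folder, records their SHA-256 hashes, compares the folder against that baseline, and on any change (a modified or renamed decoy, or a new file such as a dropped ransom note) returns the response commands that would disconnect the listed shares. The share names, decoy file names and the two-second polling interval are assumptions; on Windows the response runs `net share <name> /delete`, and on other platforms it only echoes what it would do. Polling is used here for portability; a production deployment would use the operating system’s file-change notifications or file-system auditing instead.

```python
"""Canary (bait) folder monitor: detect ransomware activity early and cut off shares.

Added example for this article, not the authors' code. Names and the
polling interval are assumptions, chosen for illustration.
"""
import hashlib
import subprocess
import sys
import time
from pathlib import Path
from typing import Dict, List

# Decoy documents. Leading "!" sorts before real client folders so a
# ransomware process walking the tree in directory order hits these first.
# Contents are constructed placeholders, not real documents.
CANARY_FILES = {
    "!aaa_client_ledger.xlsx": b"PK\x03\x04 placeholder spreadsheet bytes",
    "!aab_retainer_agreement.docx": b"PK\x03\x04 placeholder document bytes",
    "!aac_court_filing.pdf": b"%PDF-1.4 placeholder",
}

# Shares to tear down when tampering is detected (assumed names).
SHARES_TO_DROP = ["Clients", "Matters"]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def plant_canaries(folder: Path) -> Dict[str, str]:
    """Write the decoys and return {filename: sha256} as the trusted baseline."""
    folder.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name, content in CANARY_FILES.items():
        (folder / name).write_bytes(content)
        baseline[name] = sha256(content)
    return baseline


def snapshot(folder: Path) -> Dict[str, str]:
    """Hash every regular file currently in the canary folder."""
    return {p.name: sha256(p.read_bytes()) for p in folder.iterdir() if p.is_file()}


def detect_tampering(baseline: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Return a list of human-readable events; an empty list means all is well.

    Covers the three things ransomware does to a folder: rewrite files in
    place, rename them (e.g. append ".locked"), and drop a ransom note.
    """
    events = []
    for name, digest in baseline.items():
        if name not in current:
            events.append(f"missing or renamed decoy: {name}")
        elif current[name] != digest:
            events.append(f"modified decoy: {name}")
    for name in current:
        if name not in baseline:
            events.append(f"unexpected new file: {name}")
    return events


def respond(shares: List[str], dry_run: bool = True) -> List[List[str]]:
    """Build (and optionally run) the commands that disconnect the shares.

    `net share <name> /delete` removes a share on Windows; elsewhere we only
    echo, so the example stays runnable on any platform.
    """
    commands = []
    for share in shares:
        if sys.platform.startswith("win"):
            cmd = ["net", "share", share, "/delete"]
        else:
            cmd = ["echo", f"would remove share {share}"]
        commands.append(cmd)
        if not dry_run:
            subprocess.run(cmd, check=False)
    return commands


def watch(folder: Path, baseline: Dict[str, str], interval: float = 2.0,
          max_polls: int = 0) -> List[str]:
    """Poll until tampering is seen (or max_polls reached); return the events."""
    polls = 0
    while True:
        events = detect_tampering(baseline, snapshot(folder))
        if events:
            for e in events:
                print("ALERT:", e)
            respond(SHARES_TO_DROP, dry_run=False)
            return events
        polls += 1
        if max_polls and polls >= max_polls:
            return []
        time.sleep(interval)


if __name__ == "__main__":
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "./!canary")
    base = plant_canaries(target)
    print(f"planted {len(base)} decoys in {target}; watching...")
    watch(target, base)
```

Run it with the path of a folder on the share you want to protect; it blocks until a decoy changes, prints the alert, and drops the configured shares. Pair it with a backup restore test rather than treating it as a complete defence: by the time the canary fires, the files that sort before it are already gone.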
Ransomware is not a new form of malware and is unlikely to go away anytime soon. It is cheap to build or to rent from other criminals, and payments made in bitcoin are difficult to trace. The best way to protect your firm is through prevention, tested backups and education.