Here’s a hypothetical story of a mid-size law firm suffering a ransomware attack and the damage that was caused. Please note that this is a fictional scenario and is not based on any specific real-life event.
It was a typical Wednesday morning at the law firm of Thompson, Rodriguez, and Associates when the IT department noticed something strange happening with the firm’s computer systems. As they began to investigate, they quickly realized that the firm had fallen victim to a ransomware attack.
The attackers had encrypted all of the firm’s important data and demanded a large sum of money in exchange for the decryption key. Without access to their client files, case notes, and other critical data, the lawyers at the firm were unable to work.
The partners at the firm immediately began trying to negotiate with the attackers, but they were unable to come to an agreement. With no other options available, the firm was forced to pay the ransom in order to regain access to their data.
The attack had a devastating impact on the firm. In addition to the financial cost of the ransom, the firm lost a significant amount of business due to the disruption caused by the attack. The lawyers were unable to meet deadlines, and some clients chose to take their business elsewhere.
To make matters worse, the attackers had also stolen sensitive client information during the attack, which had to be reported to the appropriate authorities and to the affected clients. This led to a loss of trust in the firm and further damage to their reputation.
In the end, the ransomware attack ended up costing the firm hundreds of thousands of dollars and had a long-lasting impact on their business. It was a painful lesson in the importance of having strong cybersecurity measures in place to protect against these types of threats.
Yes, this is a fictional story. But it’s anything from far-fetched. I have heard many accounts, in detail, that mirror the experience described above.
Yet, for some reason, the ostrich approach prevails in far too many law firms. They truly believe it won’t happen to them and delay in taking proactive measures.
Ransomware attacks have the potential to completely shut down a law firm, causing significant financial loss and disruption to daily operations.
They come in two forms: one involves cyber-villains sneaking into your system and encrypting its data to make them unusable until you agree to pay for an encryption key to unlock them; the other involves bad guys again infiltrating your system but this time shutting down the entire thing so you can’t get any work done until you pay a ransom.
Ransomware attacks are favored above all other types of cybercrimes because they’re easy to do and because the pool of potential victims is so large – its’ primary targets are the many law firms and other businesses that haven’t implemented sufficient cybersecurity protections to prevent hackers, phishers, and email compromise artists from implanting ransomware programs or scripts.
Another reason cybercrooks love ransomware is that the victims in at least half the attacks can be counted on to fork over the demanded illicit sum.
Unfortunately, paying the ransom is against the law in the U.S. (which is why your cyber-insurance policy won’t reimburse you if you do pay). Besides, if you hand over the dough, you have no assurance that the cyber-crooks will honor their word (a lot of them don’t) and release control of your data or system back to you. Nor do you have the assurance that they won’t make off with all the data they’ve got their sticky fingers on during the time that your system is under their control.
So the best way to avoid this pickle is to never be in a position where the demand for payment can be made against you. In other words, beef up your cybersecurity policies, procedures, and technological defenses as quickly as you can.
Next time (and the two times after that), I’ll offer some Simple Stupid Security Tips for preventing ransomware attackers from jimmying open your system with their virtual equivalent of a crowbar. For example, if you haven’t done so, you should turn on multi-factor authentication to help protect your login credentials. Likewise, you should be using a password manager. There’s more, so please be sure to read the coming three installments of SSST.