Over a dozen law firms in Europe hit by ransomware
June 15, 2016 |
Ransomware is providing itself an equal opportunity attacker. Health facilities and hospitals have been particularly targeted. Hospital records are sensitive their use are constant and critical. They are willing to pay. Health facilities also have notoriously poor privacy standards, especially in the handling of emails.
But logically there is no good reason why ransomware attacks would not do as well with a profession where records are sensitive and required on a constant basis. Such as law. As reported in Law firms held to ransom by cyber criminals over a dozen Irish law firms have been hit by ransomware attacks in recent weeks. This is a variation on a theme. Law firms being the subject of some form of cyber attack is nothing new. In 2009 and 2013 the FBI warned that hackers were targeting law firms. In 2013 the American Bar Journal highlighted the need to protect data from hackers.
A ransomware attack is just an email away. Given many organisations do not come close to having adequate data security standards and training ransomware attacks are becoming an endemic problem.
It provides:
Over a dozen law firms have been held to ransom in recent weeks as attacks by cyber criminals increase.
In some cases hackers have demanded tens of thousands of euros not to delete all the files on the computer systems, which include private client information.
Solicitors are particularly vulnerable targets because of the large sums of money in their client accounts and huge volumes of data stored on the computer.
Cybercriminals hack into a computer system, often with an infected email, and encrypt all the files.
Money is then demanded for the key to unlock them. This type of attack is called Ransomware.
Security experts said attacks on the legal profession are increasing.
One IT security company alone has dealt with 14 law firms who have been targeted by cyber criminals over the past three months.
In all of these cases no ransom was paid and data was restored from backup systems.
Declan Branigan of eXpd8 IT services said it is becoming an epidemic which is not only affecting legal firms but all types of businesses.
He said this type of attack can cripple businesses and shut down computers for days preventing firms from operating.
He said while it is impossible to prevent these attacks there are measures that can be taken to reduce the risk including having up to date anti-virus software, web filters and a firewall.
Mr Branigan said if a company is attacked the computer system should be shut down immediately.
Most of these attacks go unreported for fear of losing client confidence.
One solicitor who spoke to RTÉ news, and wished not to be named, said it was potentially disastrous for his firm.
He said he panicked when he realised the seriousness of the attack and that the client account system was in jeopardy.
He continued “we would be accountable for a closing balance of €4-5m every day to clients and trying to identify 2,500 clients, whose money was actually in the account to the cent, was never going to be achievable going forward”.
He did not pay a ransom and the financial client accounts were restored from a back-up system. However, he did lose some data.
The Irish Law Society has issued a warning to its members to be vigilant and take precautions.
Its President Ken Murphy said it is important that solicitors have security measures in place and back up their data.
[…] Over a dozen law firms in Europe hit by ransomware […]