ABA JOURNAL
 
CYBERSECURITY

‘Ransomware’ software attacks stymie law firms

In the annals of Internet crime, “ransomware”—software that freezes up a computer, encrypts all its data and demands a ransom for the system’s restoration—is especially malicious. And attorneys are among the targets.

David J. Bilinsky, adviser and staff lawyer at the Law Society of British Columbia, says one of its member firms suffered a hostile takeover of its computers by ransomware late last year. Bilinsky says the attack came on the heels of ransomware takedowns at two other member law firms in 2013.

“These attacks emphasize the need for law firms of all sizes to increase their awareness and implementation of current security protocols,” Bilinksy says.

And this problem doesn’t stop above the U.S. border. “I know one technology and forensics consultant in Virginia who has helped at least 50 firms across many states,” says Dan Pinnington, vice president of claims prevention and stakeholder relations at the Lawyers’ Professional Indemnity Co. “I know many of my practice management adviser colleagues at the various state bar associations have taken calls from firms that have been infected.”

A growing scourge, ransomware is enjoying newfound popularity among hackers with the emergence of CryptoWall, an especially insidious variant of the malware. Since February 2013, more than 600,000 victims worldwide have reportedly been infected, according to an October 2014 report released by Dell SecureWorks.

Like most ransomware, CryptoWall slips past a computer’s defenses by camouflaging itself as an email attachment or link inside an email. The malware is sent in emails that carry innocuous titles such as ‘missed fax’ or ‘voicemail,’ according to the Dell SecureWorks report. Once the ransomware infiltrates a computer hard drive, it quickly auto-encrypts every data file it finds, as well as any other files on attached external drives.

 

IMITATING FILES

With the British Columbia law firms, the ransomware attacks “appear to have come from executable files masquerading as PDFs attached to emails,” Bilinsky says.

Ransomware perpetrators generally demand a nuisance fee for restoration of encrypted files, often $200 to $2,000, according to Dell SecureWorks.

Those who delay paying that ransom—usually after four to seven days—often face threats of being forced to pay even larger sums, according to the report. In one case, a victim was forced to pay $10,000 for the release of encrypted files.

Still, many cybersecurity experts advise attorneys against cutting deals with common criminals. In British Columbia one victimized law firm did pay a ransom of “under $1,000,” but was only able to recover part of the files that had been encrypted, Bilinsky says. “Most people are aware they should avoid clicking on executable files,” says Stu Sjouwerman, CEO of KnowBe4, which offers management, staff training and monitoring programs to boost firms’ cybersecurity. “However, seemingly innocuous documents such as Microsoft Word files can also be infected with malware. That’s why it’s essential for employees to be able to identify and avoid ‘social engineering’ red flags.”

Cybersecurity experts also advise the following tactical defenses against ransomware:

• Block executable files (such as “.exe” files) and compressed archives (such as zip files) containing executable files before they reach a user’s inbox.

• Keep operating systems, browsers and browser plug-ins, such as Java and Silverlight, fully updated.

• Program hard drives on your computer network to prevent any unidentified user from modifying files.

• Regularly back up data with media not connected to the Internet.

This article originally appeared in the June 2015 issue of the ABA Journal with this headline: “Data Kidnapping: Software attacks stymie law firms.”