Ransomware attacks are on the rise, grabbing headlines on a global stage. In April 2016, the Federal Bureau of Investigation warned that cyber criminals had already extorted $209 million from companies in just three months.
This statistic showed that ransomware was on track to become a billion-dollar crime by the end of last year, but that’s just part of the story. This phenomenon is doing far greater damage to businesses when you factor in the following costs:
- Payment of the ransom
- Increased staff resources to resolve the problem
- Operational downtime after the attack
- Replacement of computer systems and hardware
As a result, ransomware attacks could be costing businesses more than $75 billion per year. This year ransomware attacks have been accelerating on a massive scale across all industries and show no signs of slowing down.
Last year, ransomware emails increased by 6000% compared to 2015. According to Osterman Research, email was the primary delivery method of ransomware, accounting for 59% of infections. Furthermore, 40% of spam emails were infected with ransomware.
The largest attack so far came last May when the WannaCry ransomware attack infected thousands of computers around the world. When this attack occurred, international law firms like DLA Piper shared their expertise in cybersecurity compliance and offered solutions (which included a 24/7 Rapid Response hotline and crisis management teams) for businesses affected by the attack.
A few weeks later, DLA Piper themselves had to shut down for several days because of another rapidly spreading ransomware attack called Petrwrap/Petya. This particular attack seems to have originated from the firm’s office in Madrid, Spain and quickly shut down their operations across Europe, Australia, the Middle East and the US as both their email and phone systems were affected.
DLA Piper has been tight-lipped about how they were infected. It could have come from an email, a mobile device used by an employee or a client, or through vulnerabilities in WiFi endpoints.
Targeting law firms is nothing new; in fact, DLA Piper is far from the first firm to be attacked. The cost of this attack can be huge, given that attorneys operate on a constant series of deadlines and documents make up the core of their work. Consider trial lawyers being unable to prepare for trial because they can’t access key documents, or litigators being unable to access motions on a deadline.
Law firms that are vulnerable to an attack risk having their systems completely wiped out or placing their clients’ private and sensitive information in jeopardy.
Most often, the biggest mistake IT directors make is having vulnerable machines on the network (if you’re still running Windows XP, get Microsoft’s patch immediately). Another problem is that staff sometimes lack cyber security threat awareness training.
To ensure that you’re not a victim of a ransomware attack, there are certain steps your firm can take to protect its IT infrastructure:
- Early stage fact-finding initiatives (map data assets, key contacts, infrastructure, and resources)
- Review existing protocols and response plans
- Gap analysis (identify weaknesses and deficiencies and prioritize rectification)
- Implement necessary updates
- Utilize strong spam filters
- Scan all incoming mail
- Maintain a robust firewall
- Develop an incident response plan
- Ongoing staff training on cyber security threats
Ransomware attacks aren’t going away anytime soon; in fact, they are expected to grow at an exponential rate. To stay relevant and compliant, law firms will have to take an active role in keeping cyber criminals at bay.