Have you heard of ransomware? It is a term often in the news. Ransomware is a type of malware. For those who have heard of it but don’t know what exactly it is, malware is a type of software that is designed to disrupt, damage, or gain unauthorized access to a computer. Ransomware, in particular, is designed to spread across a network of computers and very quickly disable computers, file servers, databases, and servers within an entire company by encrypting the contents. Then a ransom is requested, typically money, to have the data unencrypted. Once ransomware spreads across a company’s network, it can bring a business to a halt.
The common method by which ransomware gets onto a computer is through phishing emails. Phishing emails are fake emails sent by hackers to trick the recipient into falling for a scam. The most common trick is to try to get the recipient to reveal personal information such as a username/password combination or other sensitive information. The emails contain malicious attachments or links to a malicious website that will install itself automatically if the attachment is opened, or link followed. Phishing emails are written in such a way that, if the recipient does not pay attention, they can fall prey. Though perpetrators are after money, paying the ransom does not always mean the hackers will decrypt your files. Many hackers will steal your data before encrypting it. Ransomware victims usually fall victim again within a year. It is very important to always pay attention to what you click – it may be a trick.
Ransomware is not new but has been recently on the rise. In 2021, 68.5% of businesses around the world fell victim to ransomware, up from 55.1% in 2018, and comprised 23% of all cyber-attacks. In the first half of 2021, victims of ransomware had paid almost $600 million to hackers according to a report released by the Treasury Department.
In the last year, law firms have seen an influx of ransomware attacks. This can be attributed to several factors, including the fact that law firms may lack adequate cybersecurity preparedness as they believe they will not be targeted by hackers. Law firms are required to keep their clients’ data confidential. Firms that may have weak security policies and networks could face legal liabilities if their clients’ data is stolen and eventually exposed. Firms can also suffer reputationally and financially if their systems are breached and more so if the data is exposed.
There are several steps firms should consider to prevent such attacks.
- Enable Multi-Factor Authentication (MFA):
Multi-Factor Authentication (MFA) is a log-in that requires the individual to provide two or more verifications to gain access. It combines what the user knows, such as a password; what they have in their possession, such as a security token (keyfob, mobile application, email or text with a verification code); and who the user is (biometric verification). If one’s password is compromised, the hackers are unable to gain access without knowing the second method, which typically is in possession of the individual.
- Back up your data:
Having your data backed up is one of the best measures you can take, but backed up data can be corrupted and encrypted by ransomware as well. Some best practices include:
- Back up with multiple versions. Back up to a solution that stores different versions so you can revert to a version that was saved from a week ago, for example.
- Back up often. Don’t only back up once a month.
- When backing up, follow the 3-2-1 backup rule – have 3 separate copies of your data that is stored on 2 different forms of media, with 1 copy that is stored off-site.
- Don’t rely on cloud syncing services such as Dropbox, OneDrive, Box, etc. as your only source for backup. Because these synchronize your files right away, should your computer be encrypted with ransomware, the files in these cloud services will be encrypted as well.
- Keep software and operating systems up to date
Keeping software and operating systems up to date is important. Hackers love exploiting security flaws not only in operating systems but software as well. They write code to take advantage of these flaws and infect your computer with malware which can encrypt or steal your files, including passwords. Installing updates can fix these security flaws and help prevent unauthorized access. Installing updates not only can fix security flaws but introduce new features.
- Implement employee training on best practices
Employees at your firm are the target of these attacks. Hackers will use phishing emails as the primary method to target employees. The goal is to have them divulge personal information such as log-in information or trick them into clicking on links or opening attachments that contain malware. The malware takes advantage of unpatched security flaws in software and operating systems. Training your employees to watch out for these types of emails, to never click on strange links or open suspicious attachments, what to look for and best practices can help mitigate exposure. It is also highly recommended to conduct this training annually.
- Have a robust Information Technology (IT) infrastructure
Hackers target firms both through human attacks (phishing emails, spear phishing calls) as well as technological. Human defenses through proper training and awareness are as important as technological. Proper technological defenses include properly setup email security and protection software, firewalls, network intrusion protection devices, multi-factor authentication, and endpoint (computer) antimalware protection software.
Having a robust infrastructure in place is not enough. Firms should test backup integrity and restoration processes often and have one isolated backup so it cannot be encrypted or destroyed.
- Have a plan if you fall prey to ransomware
- Isolate and identify the attack:
If you believe you have fallen prey to a ransomware attack, attempt to isolate the infected computing devices by disconnecting them from the network. This includes any devices such as hard drives that are connected either via a cable or a network share. This can help prevent the spread and keep other devices on your network safe.
- Assess the attack:
Assess the damage done by the attack. This includes gathering information such as where the attack originated from, what time it started, how many devices it may have infected and how many files have been encrypted. Are any of the affected files backed up? Is the backup set infected? Has a ransom been made, and how much is it? Are you willing to pay? And be prepared to have a plan should the hackers not decrypt the files.
- Report the attack:
Often, reporting ransomware attacks is required by law. You should check with your local and state laws. It should also be reported to the FBI’s Internet Crime Complaint Center (IC3).
- Data recovery:
If you don’t have a safe backup, you can reach out to local law enforcement or forensic experts to see if they can find decryptors which may be able to remove the encryption on your files. There is no guarantee this would work.
If you do have a safe copy of your data, you can start the recovery process. You should first completely format and reinstall the operating system and software on the affected computing device(s) before copying your data back and putting it on your network.
- Look at preventing another attack:
There are several things you can do to help mitigate another attack. Hackers will return if they were successful in the past. The first thing to do in thwarting another attack is to ensure your employees are properly trained using security awareness training and having annual training sessions. Next, ensure that your IT infrastructure is properly set up and that you back up your data. You can partner with cybersecurity providers for them to check your setup to ensure it is well protected.
Your computing network is as strong as your weakest link. Proper setup and training can help. The best solution for any organization is to prevent ransomware attacks in the first place.
Planet Depos has been working with law firms on highly confidential matters for over a decade. For more tips, check out the PD Blog. To schedule, contact Planet Depo at schedulenow@planetdepos.com or schedule online.