Ransomware Negotiations for Law Practices: Navigating the Complexities of Dealing with Hackers

Law firms are a primary target for ransomware attacks, with cybercriminals targeting legal practices with sophisticated assault techniques.

Law firms are valuable targets for a multitude of reasons, but most recently they have been targeted as law firms are increasingly transitioning data to cloud-based platforms and web-based apps. While these technologies facilitate data accessibility, they also expand the attack surface and significantly increase the probability of vulnerabilities.

While these new technologies facilitate the storage of large tranches of client data and personal information, many firms fail to adhere to standards and best practices, despite increased regulatory mandates and legislation governing the protection of customer data.

Technologies notwithstanding, given the sophistication and sheer volume of ransomware attacks, it is critical to understand how ransomware attacks occur and the importance of a rigorous defense, if your firm is subject to a ransomware attack, it is critical to have a response strategy in place. 

Understanding Ransomware

Ransomware is a deliberate cyber-attack designed to deny access to critical data and systems. 

In a ransomware attack, a cybercriminal will gain credentials to log into the network. Often these credentials are procured via a phishing attack or a similar event in which an unwitting employee has shared login information with the perpetrator.

Upon gaining access, the trespassers often embed scripts designed to be activated at a later point in time. These scripts provide access to the firm's data and infrastructure when activated. Cybercriminals then demand a ransom payment, usually in the form of Bitcoin or another untraceable cyber currency.

Increasingly, criminals are also exfiltrating – or stealing – data, creating a second method of extortion, one to regain system access and the other to destroy the stolen data.

The Legal Landscape

There are multiple considerations for law firms when it comes to countering these attacks. The consequences of these considerations are critical. First, and foremost, are the financial consequences of unsecured data. Ransomware attacks usually result in ransom demands of hundreds of thousands or often, millions of dollars.

Additionally, there are ancillary financial implications to consider.  Among these are forensics analysis to determine the origin(s) of the attacks, breach response efforts to notify clients and employees, as well as fees for mitigation and monitoring.

Cyberattack damages are often devastating, including reputational damages that undermine the trust and foundation of the entire firm. Law practices have an ethical obligation to maintain confidentiality for their clients. There are also potential legal implications of ransomware. Information seized in a ransomware attack can be damaging to those clients if leaked.

Prevention and Preparedness

There are numerous technological, procedural, and educational steps law firms can take to prevent ongoing attacks. In determining the best strategy, law firms should review their technology and preparedness frequently and invest in the tools and training designed to minimize the risk. Developing cybersecurity policies and practices for law firms is an essential requirement for ransomware prevention.

Here are some of the key steps to take as part of a comprehensive cybersecurity plan:

• Data Backups and Recovery Plans: Frequently scheduled backups can ensure that data is protected.  In the event of a breach, regular backups can ensure that data loss is minimal. Similarly, a data recovery plan ensures that there is a systematized approach to disasters or other disruptions.
• Updates and Patch Management:. Automated updates and patch management ensure that software, systems, and hardware have the most recent and responsive defense mechanisms. Often, businesses run into trouble when important updates are not implemented, leaving the organization vulnerable to attacks.
• Constant Monitoring: Maintain vigilant monitoring of systems and networks, ensuring that threats are identified, contained, and eradicated quickly, lowering the risk of ransomware attacks. 
• Cybersecurity Training: Your firm’s employees are the first line of defense against a cyberattack. Training and education about the dangers of ransomware attacks and how they occur can help minimize the risk of occurrence.
• Access Controls: With restrictive controls on access to data, you can reduce the number of potential attack vectors. Another smart approach is to deploy multi-factor authentication to ensure those seeking to log in are legitimate.
• Actionable Processes and Policies: Law practices must focus on prevention and protection. In doing so, updated policies and active defense processes are critical. Conducting an annual cyber assessment is also an integral component of your cyber defense strategy.

Navigating Ransomware Negotiations

If someone were to be the victim of a ransomware attack, they would likely receive communication from the attackers, who would demand a ransom in exchange for regaining access to their data.

When faced with the sudden loss of your data, law firms need to be able to act fast. While most law firms end up paying the ransom, many law firms use outside experts to decrypt the data or have recent backups that mitigate the damage.

If you do choose to negotiate with hackers, please keep in mind the following dos and don’ts:

• Ask for ‘Proof of Life’. Determine the identities, as best you can, of the entities with which you are dealing. 
• Resist Desperation. Despite the stressful situation, do not succumb to pressure tactics instead remain calm and composed.
• Do Not Disclose. Do not share whether your firm has purchased cybersecurity insurance.
• Pay in Increments. Do not offer to pay the full amount at once. Instead, pay a small amount up front and do not send the remainder until the decryption key is offered and you have confirmed it works.
• Put Pressure. Publicize the attack and the tactics used to make it more difficult for the attackers to carry out future assaults.

CONTACT JANUS ASSOCIATES

Ransomware attacks are an ever-present danger for law firms. Only by fully understanding the mechanics, prevention, and implications of an attack, will your firm be in a stronger defensive position.

Janus Associates offers comprehensive cybersecurity consultative services that allow for your firm to be prepared and ready. To learn more about Janus Associates’ services, contact us today.