Ransomware Today: Top Tips for Law Firms
Ransomware has been a curse for quite a while. Law firms are one-stop shopping for cybercriminals, alluring because they hold the data of many people and businesses.
More than 80% of attacks today exfiltrate (take) your data. That means you have a data breach, and potentially a number of legally required notifications. Attackers will try for two ransoms: one for the decryption key to restore your data, and a second to keep them from selling or leaking the data they took. Even if you have been lucky enough to restore your data from known good backups that are NOT connected to your network, the cybercriminals will still demand a hefty ransom for that second purpose. They will put pressure on you by calling the media, or they will call your clients directly to tell them that their data will be leaked or sold if a ransom is not paid.
The average ransom paid at the beginning of 2021 was $118,000 – by the end of the year, it rose to $322,000.
Ransomware now comprises more than 75% of cyberinsurance claims. That is why you are paying more (30-40% more) for your premiums and getting less (as coverage exclusions proliferate). One increasingly common provision excludes attacks by nation-states. Often it is unknown who the attacker is, and who is going to prove whether an attack was carried out by a nation-state? We are already envisioning the court battles.
Humans are a factor in these attacks more than 80% of the time – whether by clicking on a link, failing to abide by policies, using poor passwords, etc. We’ve even seen insiders selling out their employers for a portion of the ransom. Don’t ever assume that insiders, especially disgruntled insiders, can’t be a threat.
Remediation costs 10 times more than the ransom paid on average. This is one reason why some victims and their insurers may want to pay the ransom. They are counting on a good outcome, which is not always wise. If the cybercriminals retain your data, they may demand another ransom. And if you paid for a decryption key, it rarely works for 100% of your data.
By the end of 2021, the military – as well as both Microsoft and Google – announced that they had joined the fight. The military said they would impose costs on the ransomware gangs, though understandably declined to reveal the specifics.
Corporations are going to court to seize control of malicious websites. Our government is arresting gang members and offering millions of dollars for the identification of major ransomware players.
In January 2022, Russia itself shut down REvil, one of the most notorious Russian ransomware gangs, based on information provided by the U.S. In retrospect, who knows why? Were they placating us in advance of the war on Ukraine? Their cooperation here remains a mystery to us.
Our top tips for combatting ransomware:
- Use multi-factor authentication
- Upgrade your router and firewall to include Intrusion Detection and Intrusion Prevention functionality
- Keep software updated and patched
- Use strong, complex passwords and a password management tool
- Install Endpoint Detection and Response (EDR) software on all endpoints
- Require annual mandatory cybersecurity awareness training for all personnel
- Utilize a cloud backup provider to help protect your data from ransomware
- Implement phishing testing for all employees
- Utilize WPA2 or WPA3 to encrypt all wireless networks
- Disable all unneeded network services
- Change all factory default settings
- Implement inactivity timers for all devices
- Maximize log collection and retention
- Begin implementing Zero Trust architecture
Could we go on and on with tips? Yup, but then your heads would hurt. Enough for now. Get these 14 things done and you’re way ahead of most of your colleagues.
Authored by: Sharon D. Nelson Esq.
Sharon D. Nelson, Esq., is the President of Sensei Enterprises, Inc., a digital forensics, cybersecurity and information technology firm in Fairfax, Virginia. Ms. Nelson is the author of the noted electronic evidence blog, Ride the Lightning and is a co-host of the Legal Talk Network podcast series called “The Digital Edge: Lawyers and Technology” as well as “Digital Detectives.” She is a frequent author (eighteen books published by the ABA and hundreds of articles) and speaker on legal technology, cybersecurity and electronic evidence topics. She was the President of the Virginia State Bar June 2013 – June 2014 and a past President of the Fairfax Law Foundation and the Fairfax Bar Association. She may be reached at firstname.lastname@example.org