Did you experience an alarmingly high level of stress while watching The Good Wife’s “Shiny Objects” episode, when the law firm of Florrick Agos was hit by a malware attack that triggered a ransomware program that locked all of the firm’s files and demanded $50,000 in 72 hours or else? Did your heart rate escalate while imagining what would happen to your firm if such an outrage happened in real life? Unfortunately, we’re not going to alleviate your stress level in any way because this outrage does happen in real life. In fact, these cyberattacks, usually carried out via “spear phishing” emails, have been on the radar for quite a while. Law firms are not new targets – the FBI issued an advisory warning specifically about law firms in 2009 – but the attacks on law firms are nevertheless on the rise.
Spear phishing is nasty business. These aren’t your average, everyday fake emails that you’ve learned to avoid. Spear phishing has its roots in familiarity: there is something in that malicious email that is designed to appeal to you personally. In The Good Wife scenario, Florrick Agos partner Diane received an email appearing to be from Alicia, another Florrick Agos partner. It’s far too easy to empathize with opening such a routine email from someone that you immediately identify as a safe source. But without the proper security programs in place to screen such emails – or where someone clicks on that email – there is no way to detect that it was a phishing attack until a short time later, when all the firm’s files have been locked and a cryptic message appears demanding payment under threat of the destruction of the files. In the show, Florrick Agos kept its files on a single network, without outside backups, and was due in court in one hour. Yikes. So the firm ponied up the $50,000 ransom.
As usual, The Good Wife’s script comes from art imitating life. In February, a North Carolina law firm announced that every document on its server had been encrypted by Cryptolocker ransomware. The malware arrived via a phishing email that appeared to come from the firm’s phone system and to carry a voice message as an attachment. Once the email was opened, every single firm document was encrypted and held for ransom. Because the firm did not have everything backed up, it tried to pay the $300 ransom to get the files decrypted, but the time period to decrypt had expired.
You’re probably thinking “only three hundred dollars?” No, that is not a typo. Paying three hundred dollars is worth getting your firm’s files back, right? Hard to argue with that. And that line of thinking is why the criminal minds who created Cryptolocker have made $30 million from the ransomware.
And let’s not forget the more conventional hack jobs that are out there:
- In 2008, a law firm was informed that it was the victim of a hacking attack – and that Chinese hackers had been snooping around the firm’s network and collecting thousands of emails and documents for more than a year before discovery.
- In 2010, hackers infiltrated the networks of seven Canadian law firms searching for confidential information to derail a proposed $38 billion takeover of Potash Corp. of Saskatchewan Inc. by BHP Billiton Ltd.
- In 2012, an Ontario law firm lost six figures from a trust account when an employee clicked on a link in a phishing email. The hackers monitored her keystrokes and copied bank account numbers and passwords as she typed them.
- Recent reports have warned that Australian law firms are being targeted by at least thirteen advanced Chinese malware groups in an attempt to steal intelligence from certain business clients.
These are just a few notable examples in the long line of law firm breaches.
Law firms are enormously attractive targets for hackers. Firms have a lot of very sensitive information and a duty to protect its confidentiality. The good news is that many cyberattacks are relatively straightforward to prevent. But as hackers become more sophisticated, law firms in particular need to implement strategic and strict data protection practices, including systemic encryption and backups. Florrick Agos paid a ransom because it was unprepared. Don’t be that firm.