Ransomware threats to law firms have increased at a considerable rate over the last eighteen months. Many apocryphal stories have circulated about law firms who have met the threat by paying the ransom rather than risking downtime and data loss.

Let’s take a look at a few simple measures that can be put in place to prevent the need for this.

What is ransomware?

Ransomware is computer malware that installs itself covertly on a victim’s computer or network. It then executes a cryptovirology attack that adversely affects it and demands a ransom payment to decrypt it.

Simple ransomware may lock the system and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file. The ransom is almost always demanded to be paid in Bitcoin

Protection checklist.

♦ Backup all your data.

By far the most important weapon in your arsenal is a regularly scheduled backup. If you are subject to an attack you can simply wipe your system to eliminate the ransomware and re-install the backup.

The more often you backup your data, the less data will be lost. It’s worth thinking about your backup frequency and just how much data your practice can afford to lose without affecting its performance.

Keep your software up-to-date.

Ransomware often relies on the victim running outdated software where vulnerabilities are known. To combat this, the best approach is to create protocols for ensuring updates are performed when necessary. Keeping common third-party software such as Java and Flash up-to-date will eliminate a large number of threats.

Educate your staff.

Unfortunately, your staff are the weakest link in the security chain. If they allow themselves to fall victim to a phishing scam or other email generated approach, they can compromise the security of your entire business.

Teach your fee earners and staff to recognise potential threats and to treat unrecognised or unsolicited mails with extreme caution. The simplest way to do this is to train them to ask these key questions about emails:

  • Do I know the sender?
  • Do I really need to open that file or go to that link?
  • Did I really order something from this company?

Avoid being infiltrated.

Occasionally your staff may unwarily visit compromised websites or open emails that contain malvertising. These are the usual sources from which the infiltration and malicious downloads will come. By blocking access to malicious websites, emails and attachments you can protect your network and avoid problems.

In addition, make sure all your staff are aware of the hazards of using portable drives and memory sticks. Essentially, if you don’t know the origin of the device, you don’t know what it might contain.

Use high quality antivirus software.

There really is no excuse for being lax in this matter. Making use of a good quality antivirus solution throughout your entire system is a must. Ensure all laptops and portable devices that interact with your network have the same levels of protection as the network itself.

In addition to this, you can add a further level of security by providing each member of your team with only the level of privileges that they require to do their jobs. Granting everyone administrator privileges can allow an attacker administrator access in the event of your system being compromised.

♦ Know the enemy.

Intelligence about the latest threats provides you and your IT staff with advance warning about cyber crime activity in your area and industry.

You can keep up to speed with the latest reports from cyber intelligence organisations such as Talos. Talos publicly shares information about emerging threats and provides forums and instructional videos to help you keep ahead of the game.

And finally… say no to ransom demands.

You may be tempted to pay up and recover access to your data to avoid both inconvenience and real operational problems. Although many businesses are tempted to pay the ransom to regain control over their systems, this should be the last thing you think about!

Make sure you notify the authorities and remember, succumbing to the demands will only encourage the criminals to make further attacks and further demands.