Cybercrime: how do you protect your law firm from ransomware threats?


Ransomware threats to law firms have increased at an alarming rate over the last eighteen months. As a leading supplier of practice management software, at LawWare we occasionally hear apocryphal stories about firms who have paid the ransom rather than risk downtime and data loss.

What is ransomware? 

Ransomware is computer malware that installs itself covertly on a victim’s computer or network. It then executes a cryptovirology attack that adversely affects it and demands a ransom payment to decrypt it.

Simple ransomware may lock the system and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file. The ransom is almost always demanded to be paid in the digital currency, Bitcoin.

Here are a few simple tips that can be put in place to mitigate the risk.

Protection checklist.

Backup all your data.

By far the most important weapon in your arsenal is a regularly scheduled backup. If you are subject to an attack you can simply wipe your system to eliminate the ransomware and re-install the backup.

The more often you backup your data, the less you will lose. It’s worth thinking about your backup frequency and just how much data your practice can afford to lose without affecting its performance.

Keep your software up-to-date.

Ransomware often relies on the victim running outdated software where vulnerabilities are known. To combat this, the best approach is to create protocols for ensuring updates are performed when necessary. Keeping common third-party software such as Java and Flash up-to-date will eliminate a large number of threats.

Educate your staff.

Your staff are the weakest link in the security chain. If they allow themselves to fall victim to a phishing scam or other email generated approach, they can compromise the security of your entire business

Teach fee earners and staff to recognise potential threats and to treat unrecognised or unsolicited mails with extreme caution. Train them to ask these key questions about emails:

  • Do I know the sender?
  • Do I really need to open that file or go to that link?
  • Did I really order something from this company?

Avoid being infiltrated.

Occasionally your staff may unwarily visit compromised websites or open emails that contain malvertising. These are the usual sources from which the infiltration and malicious downloads will come. By blocking access to malicious websites, emails and attachments you can protect your network and avoid problems.

Use high quality antivirus software.

There really is no excuse for being lax in this matter. Making use of a good quality antivirus solution throughout your entire system is a must. Ensure all laptops and portable devices that interact with your network have the same levels of protection as the network itself.

Know the enemy.

Intelligence about the latest threats provides you and your IT staff with advance warning about cyber-crime activity in your area and industry.

You can keep up to speed with the latest reports from cyber intelligence organisations such as Talos. Talos publicly shares information about emerging threats and provides forums and instructional videos to help you keep ahead of the game.

Finally, say no to ransom demands.

You may be tempted to pay up and recover access to your data to avoid both inconvenience and real operational problems. This should be the last thing you think about!

Make sure you notify the authorities and remember, succumbing to the demands will only encourage the criminals to make further attacks.

Mike O’Donnell,

LawWare Limited.