“All of your files are encrypted… You have 24 hours to pay 300 in bitcoins to get the decryption key, or they will all be deleted.”
Imagine logging on to your work computer for the day, only to be startled with a ransomware note like this. Ransomware is not to be taken lightly. It can be devastating to law firms, as your client’s files and sensitive information is held hostage. Read on to better understand the damaging impact ransomware can have on law firms, and the cybersecurity steps you can take to prevent it from happening to you.
What is ransomware?
Ransomware is an IT person’s worst nightmare. It is an extreme form of malware in which an entire system is hacked, all the data is encrypted, and the unbreakable key to retrieve the data is not revealed until a sum of money is paid. This type of encryption is typically as strong as the technology used to protect banking information. The perpetrator will often demand the ransom to be paid in untraceable bitcoins, often within 24 hours. Some will even threaten to delete files every hour and increase the ransom rate until it is paid, displaying a countdown in their ransom notes.
What to do in a ransomware attack
Law firms that fall victim to ransomware attacks may not know what to do. It may seem like an easy solution to just pay the ransom and get your files back. But the fact remains that your systems are exposed, and you need a plan to ensure that your files have been fully recovered and the ransomware is gone.
Could it happen to you?
In this unsettling story of a ransomware attack, the accountant returned to work after a holiday weekend on what she thought would be a normal day. Her time and billing system would not launch, and her files looked strange. Rather than ending in the typical .pdf and .doc extensions, the files would not open and end in a wallet extension. Her IT team confirmed that it was ransomware and it had hit their entire network, encrypting all of their data—documents, PDFs, emails, and their time and billing systems.
Thankfully, this story has a happy ending. The cybersecurity firm that this law office worked with was able to trace the attack back to a single user named “Scanner,” which had been created to enable emailing from a copier/scanner. The user was deleted, but there was still damage control to be done. The IT team then located the server where the attack occurred, which had thankfully caught and stopped the ransom virus halfway through encrypting all their files. Finally, the team turned to restore all the files. In many cases, ransomware can attack your local windows backups too, and you will have only cloud-based backups to rely on. This particular law firm was very lucky that the ransomware was not able to complete its attack, and their computer support company was able to restore the remaining encrypted files from their local backup.
The first step is to contact your computer support company for help. A great team like Scale Technology will have around the clock support, and will constantly update your security infrastructure to ward off newly developed ransomware. In the ransomware attack story, the security that was already set in place may have been the one thing that saved them and prevented the worst case scenario from happening. If the network had not detected a virus and began to remove it before the ransomware ran its course, and if they had not had proper backups in place, they may have been forced to pay the ransomware or risk closing down for a complete loss of data.
If an attack does manage to get through, your cybersecurity firm will work quickly to identify the source and stop the ransomware in its tracks. Your daily updated backups are a crucial part of your recovery plan. Since a local backup is not enough, a cloud-based backup is often needed for full recovery from ransomware.
How to prevent a ransomware attack
Regardless of the size of your firm, backups are a necessity. Have a process in place for them to get completed every single day.
Not only are cloud-based backups your only guaranteed way to recover data in the event of an attack, your firm can benefit from them in other areas. Cloud solutions provide greater security than an in-house hardware solution, and have immediate disaster recovery systems with automatic backup solutions built right into the programming. In addition, the remote access provided with cloud-based services allows you to access up-to-the-minute data from anywhere. This can be particularly helpful if you are looking to scale your business outside of your immediate area. Since you have a legal obligation to keep your clients’ data secure, these cloud-based services can provide a great peace of mind knowing everything is protected yet easily accessible to the right hands.
Have strong systems in place
Your network is only as strong as your weakest password. Having systems that require frequently changed, strong passwords can prevent hackers being able to access your system. Deleting old users can also prevent threats from arising, as well as the implementation a great spam filter.
Have a disaster recovery plan
Any staff member with access to any part of your network should be properly trained on prevention, and what their role would be in a disaster recovery plan. Ransomware can originate from bad emails or navigating to a bad website. Your staff should be trained on the dangers of this tricky situation, what to look for to prevent it, and what to do if it occurs, or if something seems off. Having a well-known plan in place can make the difference of being able to recover from ransomware or not.
Work with a strong cyber security team
Your best defense to prevent and fight back on any type of attack is a knowledgeable and modern IT department. At Scale Technology, we want to give you the peace of mind to be able to run your business effectively while we work behind the scenes, keeping your technology infrastructure safe. We can offer you a plan that includes strong ransomware protection, the best cloud-based services, plus backup and disaster recovery. Schedule a free consultation today.