Ransomware

For several years ransomware has been the most dangerous form of cybercrime. It is relatively easy to implement. Fully formed attack packages are well known on the Internet, and there are even providers who will conduct ransomware attacks for a fee. Most importantly, it is effective. Billions of dollars are extorted by ransomware every year, and the problem is only getting worse.

Law firms are prime targets for ransomware. Lawyers are repositories for valuable information and financial data. They also depend on that data to continue operations. Being locked out of one’s systems and information is a death knell for many businesses, law firms included.

While the form of attack can differ, most ransomware works in a similar way. After infecting a system, ransomware will begin to encrypt any information it can find on a computer, using effectively uncrackable technology. Sometimes the malware will delay encryption for a time to ensure it spreads into as many files and machines as possible. Spread matters because if a computer is part of a network or has access to a shared drive used by the office, the ransomware can easily reach the entire network and every machine.

Once encryption is complete and the malware is activated, a message will pop up on users’ screens indicating that the ransomware is present. It will state that files are now locked by encryption, and the only way the information can be retrieved is by paying a ransom. Payment is usually demanded in Bitcoin to maintain the anonymity of the attacker.

The message will say that if the ransom is paid, a decryption key will be provided to recover the information. This sometimes happens. Hackers, oddly enough, usually want to develop a reputation for following through so that future victims will have the confidence to pay the ransom. But there is no guarantee, of course. The hackers are anonymous, and if they do not follow through after payment, nothing can be done. Also, law enforcement authorities might find and take down the decryption server before it can deliver the keys, in which case the victim will again be out of luck.

The amounts demanded in ransomware attacks vary greatly. It used to be that sums were commonly a few hundred or thousand dollars. This was to encourage the victim to pay quickly rather than lose their information or spend time and money trying to evade the malware. Criminals have now become much more sophisticated in assessing the amount to ask for. After infection, they may comb through files on the targeted computer looking for financial statements of the business so they can establish what the victim can afford. Or if they find a cyberinsurance policy held by the victim, they will likely ask for the maximum payable under that contract.

A ransomware attack can be extremely dangerous for the financial viability of a target. Not only must steps be taken to avoid it, but fallback protections such as backups, discussed later, are also crucial to avoid disaster if ransomware strikes.

Optional Videos: If you’re interested in learning more about how ransomware is evolving, how you can protect yourself, and what you can do to maximize your chances of recovering from a ransomware attack, check out the following Bite-Size CPD videos:

Ransomware [7:15 minutes]

4 Things to do BEFORE Ransomware strikes [6:04 minutes]

Recovering from Ransomware [7:43 minutes]