Ransomware Attacks in the Legal Profession

Here are the most essential actions to take to protect your organization from the effects of a ransomware attack.

The legal profession has not escaped the insidious onslaught of ransomware attacks that propagate like a digital pandemic. I have researched nearly 1,200 ransomware attacks, of which over 40 occurred within the legal profession. I say directly, as many hundreds of other law firms and court systems were indirectly affected when their managed service providers (MSPs) such as TrialWorks (October 2019) and Epiq Global (March 2020) were attacked. The aftermath of these attacks ranged from lost access to critical trial data to trial postponements and requests for delays in various court proceedings. Suddenly losing access to case management and e-Discovery systems can be catastrophic.

Everyone Is Fair Game

Ransomware victims include law firms, courts, and legal service providers. Of the 42 legal profession organizations affected by ransomware, law firms are at the top of the list.

Size does not insulate an organization from the havoc a ransomware attack can inflict. Firms as large as the $2.5 billion DLA Piper and as small as a single-attorney practice have experienced the effects of a ransomware attack. My research shows the average number of lawyers employed by law firms affected by ransomware is 180. The figure below shows how I classified the size of law firms attacked by ransomware.

Ransomware operators view small law firms as having little to no security, and in my experience they would be correct.

Click here to read the full article from Corporate Counsel Magazine (registration required).


Tari Schreider is the author of:

Cybersecurity Law, Standards and Regulations (2nd Edition)

and

Building an Effective Cybersecurity Program (2nd Edition)

Tari Schreider, C|CISO, CRISC, ITIL® Foundation, MCRP, SSCP is a distinguished technologist and nationally known expert in the fields of cybersecurity, risk management, and disaster recovery. He was formerly Chief Security Architect at Hewlett-Packard Enterprise and National Practice Director for Security and Disaster Recovery at Sprint E|Solutions. Schreider is an instructor for EC-Council where he teaches advanced CISO certification and risk management courses.