Ransomware Revamped: Latest Petya Wiper-Ware Attack Cripples Global Biglaw Firm

July 17, 2017 by Alex Collins, IT Services Consultant

When it comes to ransomware, hackers don’t discriminate—every business, and every industry, is fair game. With ransomware shutting down a boutique Rhode Island law firm and the latest Petya attack placing global biglaw squarely in its crosshairs, it’s becoming clear that hackers have set their sights on the legal world.

A Ransomware (Wiper-Ware) in Disguise

To make matters even more harrowing, the latest Petya “ransomware” attack appears not to be ransomware at all. According to industry experts, it’s actually a “wiper-ware” whose purpose is to create chaos and obliterate files altogether. This is not good news for law firms, whose livelihood depends on safeguarding sensitive case files, court documents, and client trust.

A wiper-ware attack posing as ransomware takes cybersecurity disaster to a whole new level: it encrypts files, blocks access to computers, and demands a ransom, then ultimately destroys the victim’s files anyway.

Client Cybersecurity Audits Mean Business Losses for Unprepared Law Firms

For law firms, cybersecurity disasters raise all sorts of legal and business concerns. Even a minor attack can jeopardize critical attorney-client privilege, endanger time-sensitive case progress, and permanently damage a firm’s reputation in the long run.

As part of the hiring process, in light of the recent uptick in ransomware and other cyber attacks, clients are demanding that their lawyers have a proven cybersecurity plan in place. The American Lawyer reports that 34 percent of law firms have undergone a client cyber audit—and according to a recent survey, industry experts expect that number to increase to 65 percent by 2018.

Five Critical Steps to Keep Your Law Firm Secure

While law firms of all sizes are vulnerable to ransomware and other forms of cyber attack, an organization’s security preparation and incident response planning can mean the difference between business continuity and total incapacitation—before an attack and during the disaster recovery phase.

Follow these tips to safeguard your law firm’s data, keep your clients’ sensitive information secure, and stay up and running in the event of a disaster:

1. Analyze the Damage

If your firm is hit with ransomware or another form of cyberattack, knowing exactly what data was compromised and what data is safe can help identify potential legal liability and mitigate reputational damage.

Because in-house IT teams are embattled in the mechanics of the attack while an event is unfolding—and are often totally exhausted in the aftermath—an independent expert can provide a critical perspective. A third-party assessment of the situation also helps accurately gauge the extent of the breach or data loss and, because it comes from an unbiased party, can help keep any reputational fallout to a minimum.

2. Determine the Scope of the Attack

Ransomware and other forms of cyber attack are often not what they appear to be on the surface. In fact, sophisticated hackers regularly use ransomware as a distraction or smoke screen to keep other malicious activities under the radar. Then, while in-house IT teams are embroiled in incident response tactics specific to the ransomware threat, company data and other sensitive client information are quietly compromised.

In order to determine the extent and severity of ransomware or malware penetration, it’s critical to identify the apparent motive and ultimate target of the attack.

3. The “Reasonable Efforts” Approach: Identify and Repair Vulnerabilities to Prevent Unauthorized Disclosure

According to the American Bar Association’s ethical rules and the recently updated Formal Opinion 477R, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Further, a lawyer will not be in violation of the above rule “if the lawyer has made reasonable efforts to prevent the access or disclosure” of sensitive client information.

The ABA rule, in conjunction with state breach notification laws, means law firms that have fallen victim to a cyber attack must endeavor to grasp exactly what data was compromised, communicate that information to affected parties, and ensure that sensitive client data doesn’t fall into the wrong hands in the future.

To that end, a post-event assessment of your firm’s incident response efforts will help shed light on the weak link in your security architecture—whether it’s employee error, an unpatched operating system, or ineffective disaster response. This information is vital for ABA compliance and for safeguarding client information going forward.

4. Maintain and Segregate Backups to Stop Malware Spread

Sometimes, as was the case in the most recent Petya ransomware attack, the hackers have no intention of unlocking files—they simply want to cause destruction.

With that in mind, in addition to having a comprehensive cybersecurity and incident response plan in place, an effective backup system is necessary. It’s also crucial to ensure that your backup system is separated and segregated from all other systems before, during, and after an attack—even if that means powering down all network servers, systems, and computers and staying offline until the specific attack vector is determined.

5. Simply Having a Cybersecurity Plan is No Longer Enough

In order to keep up with the increasing sophistication of today’s ransomware attacks, law firms need to be proactive when it comes to their organization's security fabric. Simply having a plan on file is no longer sufficient; an effective cybersecurity plan must be regularly audited, updated, and tested. When it comes to protecting your firm against ransomware, your security plan should include frequent employee education and training, incident response planning, and a comprehensive disaster recovery and backup solution.

With All Covered Care—Secure and Protect, KnowBe4’s anti-phishing training and remote 24x7 monitoring protect against the spam, malware, and phishing attempts that can facilitate a ransomware attack. To learn more about All Covered Care – Secure and Protect and to implement our End User Awareness Prevention Program, contact All Covered Toll-Free Nationwide at 866-446-1133 or visit www.allcovered.com.